for zarafa use only
This I understand (see my reply in your other post related t same deployment) nevertheless, even if this is for Zarafa only, you may have installed other service like user corner if you want users to be able to change their password e.g.
Or you can also give a try with LDAP bind, well anything that will permit to distinguish between Zarafa related issue and account management related problem.
But, again, whole Zentyal environment to handle LDAP accounts for Zarafa is quite heavy, from my own standpoint of course.
You end up with non standard LDAP port plus constraints in term of schema. I can't really see the Zentyal added value here.