you don’t need a LDAP connection for user management from DMZ to LAN
you don’t need fileserver capabilities
you can install the integrated LDAP server (not NSDC) and, after the first setup, add to trusted networks the subnet of the LAN.
Also, the DNS server of your network should resolve the DMZ ip address for the FDQN and aliases of your server.
Dont’ forget that groupware server will consider DMZ network subnet as “trusted” network (Green) unless you set it as “public” connection (Red).