[ILUG] authenticate ldap multiple remote active directory sites

[Pete McEvoy]

Hi,
I'm currently scoping a job where a requirement may be to get a box in a
datacentre to authenticate users against active directory at different
sites, these sites would be windows networks behind a firewall on the
end of a dsl line.
This job is currently at the pre planning stage, and I currently have
zero experience of this, so if this sounds ridiculous and I'm barking up
the wrong tree, please someone feel free to tell me so.
If not, could I solicit the collective wisdom of ilug as to the best way
to go about this? 
Can one install of openldap perform such a task? 
Would freeswan be sufficient to provide secure access through the firewall to
the AD servers, or would I be better thinking about hardware vpn
solutions?

I realise these questions are incredibly vague, but I've only got a
vague outline of the project and have been tasked with steering the
technical requirements, so would appreciate any input from people with
experience of such a scenario.

Thanks in advance

-- 
Pete