It's not a network management question, but here's how I would do it:
Configure the servers to use LDAP-S (TCP port 636) as your protocol. That encrypts the LDAP traffic in SSL. Put a static NAT on your firewall so the inside server has a unique public IP address. Add a rule to the ASA allowing only the external server's IP to talk to the NAT IP using LDAP-S.
x.x.x.x = local server real IP
y.y.y.y = local server NAT address
z.z.z.z = remote server IP
static (inside,outside) y.y.y.y x.x.x.x netmask 255.255.255.255
access-list ACL-OUT extended permit tcp host z.z.z.z host y.y.y.y eq 636
This assumes there is no site-to-site or remote-server-to-site IPsec or SSL VPN.
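The two ASA lines in the answer above are easy to get subtly wrong (a netmask that is not a /32, a source of `any`, or an extra ACE that also opens cleartext LDAP on tcp/389). The following is an added example, not part of the original answer and not an ASA or Cisco tool: a small Python reviewer that parses `static` and `access-list ... extended` lines in the format shown above and reports anything that widens the exposure beyond "this one remote host, to the NAT address, on tcp/636 only". The function and finding names are my own, and the addresses are constructed RFC 5737 documentation IPs standing in for x.x.x.x, y.y.y.y and z.z.z.z.

```python
"""Review an ASA static-NAT + ACL pair that publishes an LDAPS server.

Added example (not from the original post, not an ASA or vendor API).
Only the 'static (in,out) mapped real netmask M' and
'access-list NAME extended permit|deny PROTO SRC DST [eq PORT]' forms,
with SRC/DST as 'host A.B.C.D' or 'any', are understood.
"""
import re

# static (inside,outside) <mapped/NAT ip> <real ip> netmask <mask>
STATIC_RE = re.compile(
    r"^static\s+\((\w+),(\w+)\)\s+(\S+)\s+(\S+)\s+netmask\s+(\S+)\s*$")
# access-list <name> extended permit|deny <proto> <src> <dst> [eq <port>]
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+extended\s+(permit|deny)\s+(\w+)\s+"
    r"(host\s+\S+|any)\s+(host\s+\S+|any)(?:\s+eq\s+(\w+))?\s*$")

LDAPS_PORT = "636"   # LDAP over TLS, the only port the recipe needs
LDAP_PORT = "389"    # cleartext LDAP, must not be exposed


def _addr(token):
    """'host 1.2.3.4' -> '1.2.3.4'; 'any' -> 'any'."""
    return "any" if token == "any" else token.split()[1]


def review_ldaps_exposure(config, real_ip, nat_ip, remote_ip):
    """Return a list of human-readable findings; empty means the config
    matches the recipe: /32 static NAT and a single tcp/636 permit from
    remote_ip to nat_ip, nothing else reaching nat_ip."""
    findings = []
    nat_ok = False
    permits_636 = False
    for raw in config.splitlines():
        line = raw.strip()
        m = STATIC_RE.match(line)
        if m:
            _inside, _outside, mapped, real, mask = m.groups()
            if mapped == nat_ip and real == real_ip:
                if mask != "255.255.255.255":
                    findings.append(
                        f"static NAT for {nat_ip} is not a /32 host "
                        f"translation (netmask {mask})")
                else:
                    nat_ok = True
            continue
        m = ACE_RE.match(line)
        if not m:
            continue
        name, action, proto, src, dst, port = m.groups()
        # Only permits aimed at the published NAT address matter here.
        if action != "permit" or _addr(dst) != nat_ip:
            continue
        src_ip = _addr(src)
        shown = f"{proto}/{port or 'all'}"
        if src_ip == "any":
            findings.append(f"{name}: permits {shown} to {nat_ip} from any source")
        elif src_ip != remote_ip:
            findings.append(
                f"{name}: permits {shown} to {nat_ip} from unexpected source {src_ip}")
        if port == LDAP_PORT:
            findings.append(
                f"{name}: exposes cleartext LDAP (tcp/389) on {nat_ip}; use LDAPS only")
        elif port == LDAPS_PORT and proto == "tcp":
            permits_636 = True
        else:
            findings.append(
                f"{name}: permits {shown} to {nat_ip}, which LDAPS does not need")
    if not nat_ok:
        findings.append(f"no /32 static NAT maps {nat_ip} to {real_ip}")
    if not permits_636:
        findings.append(f"no ACE permits tcp/636 from {remote_ip} to {nat_ip}")
    return findings


# Constructed sample addresses (RFC 5737) for x.x.x.x, y.y.y.y, z.z.z.z.
REAL_IP, NAT_IP, REMOTE_IP = "192.168.10.5", "198.51.100.20", "203.0.113.7"

# Constructed sample: the recipe from the answer, as written.
GOOD_CONFIG = f"""
static (inside,outside) {NAT_IP} {REAL_IP} netmask 255.255.255.255
access-list ACL-OUT extended permit tcp host {REMOTE_IP} host {NAT_IP} eq 636
"""

# Constructed sample of what not to do: cleartext LDAP opened to the world
# alongside the intended LDAPS rule.
BAD_CONFIG = f"""
static (inside,outside) {NAT_IP} {REAL_IP} netmask 255.255.255.255
access-list ACL-OUT extended permit tcp any host {NAT_IP} eq 389
access-list ACL-OUT extended permit tcp host {REMOTE_IP} host {NAT_IP} eq 636
"""

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, review_ldaps_exposure(cfg, REAL_IP, NAT_IP, REMOTE_IP))
```

Run it on a saved `show running-config` excerpt and treat any finding as a reason to re-read the ACL before enabling it; the check is deliberately strict because, without a VPN, the TLS on port 636 is the only thing protecting the directory traffic, so nothing else should be reachable at the NAT address.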