Hi Mark
Well, if your script is successful then it can't be a firewall issue, can it?
Our Moodle has the LDAP server setting as ldap://<name of the ldap server>. I've added a second address as we have 2 servers capable of LDAP, one acts as a backup for the other; that should provide Moodle with a failover. Version is set to 3 with UTF-8 encoding and the page size is set to 250 because the LDAP server has its result limit set to about 1000.
Check the bind account settings, maybe?
We set up a specific moodleadmin user in Active Directory (we're entirely Windows-based in servers) and the Distinguished name setting is 'cn=moodleadmin,ou=<container ou>,ou=<that container ou>,ou=<school ou>,dc=<1st part of the school domain>,dc=<2nd part of the school domain>' so you have to create the full path to the Active Directory account. Like I said, ours worked first time and we've not had a moment of trouble with it.
John Gifford
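
A pre-flight check for the settings described in the post above, as an added example that is not part of the original post or of Moodle's own code: it checks the server list, that the bind DN is a full path down to the dc= parts, and that the page size stays below the server's result limit. The `;` separator between servers follows Moodle's help text for the host URL setting; the host names, OU names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit


def split_dn(dn):
    """Split a DN into (attribute, value) pairs; backslash-escaped commas stay in the value."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN in bind DN: {rdn.strip()!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def check_ldap_settings(host_url, bind_dn, page_size, server_limit):
    """Return a list of problems found in the settings (empty list = nothing found)."""
    problems = []
    # Several servers may be listed for failover, separated by ';'
    hosts = [h.strip() for h in host_url.split(";") if h.strip()]
    if not hosts:
        problems.append("no LDAP server configured")
    for host in hosts:
        url = urlsplit(host)
        if url.scheme not in ("ldap", "ldaps") or not url.hostname:
            problems.append(f"not an ldap:// or ldaps:// URL: {host}")
    try:
        rdns = split_dn(bind_dn)
    except ValueError as exc:
        problems.append(str(exc))
        rdns = []
    # A bare account name or a DN that stops at an OU is not the full path
    if rdns and not any(attr == "dc" for attr, _ in rdns):
        problems.append("bind DN has no dc= parts, so it is not the full path")
    # Paging only helps if each page is smaller than the server's result limit
    if not 0 < page_size < server_limit:
        problems.append(f"page size {page_size} must be between 1 and {server_limit - 1}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory
    hosts = "ldap://dc1.school.example; ldap://dc2.school.example"
    dn = "cn=moodleadmin,ou=Service Accounts,ou=Staff,dc=school,dc=example"
    print(check_ldap_settings(hosts, dn, 250, 1000) or "no problems found")
```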