OpenLDAP Scenario question


I am new to LDAP and this list :-))
I have installed LDAP and tested in the confines of my LAN and read through 
the Doc's & HOWTO in order to learn the Worx of it. However I am missing some 
practical experience ...

My client wants to implement LDAP on a large scale basis.
Sofar I have come up with a general draught on how this might be implemented 
at his site. 
However, due to my lack of practical experiance with LDAP, I would like to ask 
for your opinion whether the following would make sense or is ........

There are several geographic locations throughout Europe accessing the 

Germany (3 locations)
Kroatia (2 locations)
Slowakia (3 location)
Hungary (1 location)

Each of those locations consist of an average of 500-1000 possible users 
accessing the service as a client.

There is only 2 DC's. The Master DC is in Germany and the Slave DC is in 

All German locations above access the Master in Germany which replicates any 
changes to the Slave in Hungary.
The Clients from Kroatia, Slowakia and Hungary access the Slave in Hungary.
We allow clients to connect only using ldaps ....

The reason for having the Master in Germany is that the HQ is located there as 
well as having the Bandwith available for incoming client requests. Also the 
staff administering things is there.

Where I'm unsure of is which hardware one recommends for a certain amount of 
client-connects (and replications). Will 2 DC's be enough? At this point in 
time I also do not know of how many and what kind of entries will populate 
the directory later, etc... 

The DC's will be set up on Linux Boxes in the DMZ whereby the relevant port 
for replication/client-requests is forwarded by the corporate firewall to the 
Box in the DMZ. 

Is this going to work? Am I forgetting something?

Maybe this kind of stuff is covered somewhere I haven't looked yet? Then 
please let me know where I can find the info I need ...

Thanks for any ideas/critics,
Joachim Bauernberger

