Deployment testimonials?

[Brandon Hume - OpenLDAP list <hume-ol@Den.BOFH.Halifax.NS.Ca>]

Our organization is currently putting together an LDAP server for the purpose
of (hopefully!) becoming a centralized authentication method as well as the
normal contact directory, etc.

So far the OpenLDAP server (2.0.27) is performing quite well, but just to
round things out, I was wondering if anyone could provide me with some
examples of what they've done in similar situations.

Our directory will only be medium sized, ~50,000 entries.  In the end, it'll
likely be running on Linux on an IBM ~X335 or a Sun LX50, but for the moment
it'll be sitting on an Enterprise 250 w/Sol7.  Our current directory
is on that machine (thus why we're staying with 2.0.27... for the moment...)
and is only very lightly used.

I've written some basic programs to pound on the test directory, and it has
performed admirably, but I'm sure most other admins can sympathize that no
artificial loading or benchmarking tool can accurately simulate the slavering
huns that comprise any user base.

Has anyone else deployed OpenLDAP as an authentication + contact directory
in a similar, or larger, situation, and might have some gotchas to warn us
about?  One thing I've noticed is that 2.0.27 "spins out" and has to be 
killed and restarted when it runs out of file descriptors, so we're going
with the idea of one master server that no one will query, and one public 
slave server for every 1000 queries/s we expect.  (I think we'll be well
under that number at the beginning).

We're operating on the idea of getting it working, THEN upgrading to 2.1.x
when things are stable again.  Are there strong reasons to do it the other
way around?

Any experiences or pointers would be very much appreciated.