I just wanted to note that the Center for Internet Security recently published a security benchmark for OpenLDAP (based on 2.3):
http://www.cisecurity.org/bench_openldap.html
A lot of the content seems to cover standard practise (e.g. what you get by default on most Linux distributions in terms of who slapd is run as, permissions on important files etc.), but there seem to be some sections worth reading.
Unfortunately, they show configuration for slurpd in their section on "Redundant LDAP Servers".
I wonder if it is worthwhile providing CIS with feedback?
Regards, Buchan