Adding "krb5ValidStart" to LDAP equality index

As of UCS version 5.0-0 erratum 100, users may create an account with a delayed activation date. A new LDAP attribute called krb5ValidStart was introduced for this feature.
Currently (UCS version 5.0-1 erratum 187), the created attribute is not indexed. The missing LDAP index leads to a slow LDAP query every 15 minutes.
The index will automatically be added as part of the UCS version 5.0-2 release.

Meanwhile, you can confirm that the attribute has not been indexed by executing:

/usr/share/univention-directory-manager-tools/univention-delayed-account-activation
grep krb5ValidStart /var/log/syslog | tail

If the console output shows the following line:

<date> <system_name> slapd[5943]: <= mdb_inequality_candidates: (krb5ValidStart) not indexed

the aforementioned attribute has not been indexed yet.

To add krb5ValidStart to the LDAP equality index, execute the following lines on all UCS 5.0-1 servers of the domain.

ATTENTION: This will stop the LDAP server and thus result in a service interruption. Depending on the user count in your domain, the indexing can take minutes to hours.

service slapd stop
/usr/share/univention-ldap/ldap_setup_index --add-eq krb5ValidStart
service slapd start

You can verify that krb5ValidStart has been indexed successfully by running the confirmation commands above again.
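
The confirmation check pipes grep into tail, so "not indexed" lines logged before the index was added still show up afterwards. The following added example (not Univention code; the function names, the LOG, TRIGGER and SETTLE variables and the settle delay are assumptions) counts only lines logged after the trigger script runs:

```shell
#!/bin/sh
# Added example, not Univention code. Function names and the LOG, TRIGGER and
# SETTLE variables are assumptions; paths and the log message are from the page.

# Print how many "not indexed" lines for attribute $2 are in log file $1.
count_not_indexed() {
    [ -r "$1" ] || { echo 0; return 0; }
    # -F matches the message literally, parentheses included; grep -c exits 1
    # on zero matches, which is not an error here.
    grep -cF "mdb_inequality_candidates: ($2) not indexed" "$1" || true
}

# Print how many such lines were added since an earlier count ($3).
# A current count below the earlier one means the log was rotated in between,
# so every line now present is new.
new_not_indexed() {
    cur=$(count_not_indexed "$1" "$2")
    if [ "$cur" -lt "$3" ]; then echo "$cur"; else echo $((cur - $3)); fi
}

# Run the page's trigger script and report whether slapd logged a fresh
# warning for krb5ValidStart. Returns 0 = indexed, 1 = not indexed, 2 = error.
check_index() {
    log=${LOG:-/var/log/syslog}
    trigger=${TRIGGER:-/usr/share/univention-directory-manager-tools/univention-delayed-account-activation}
    before=$(count_not_indexed "$log" krb5ValidStart)
    "$trigger" >/dev/null 2>&1 || { echo "trigger failed"; return 2; }
    sleep "${SETTLE:-2}"    # assumed delay so syslog can write the line
    fresh=$(new_not_indexed "$log" krb5ValidStart "$before")
    if [ "$fresh" -gt 0 ]; then echo "not indexed"; return 1; fi
    echo "indexed"
}

# Run the check only when asked to, e.g.: sh check_index.sh --run
if [ "${1:-}" = "--run" ]; then check_index; fi
```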
