Adding "krb5ValidStart" to LDAP equality index

As of UCS version 5.0-0 erratum 100 users may create an account with a delayed activation date. A new LDAP attribute called krb5ValidStart was introduced for this feature.
Currently (UCS version 5.0-1 erratum 187), the created attribute is not indexed. The missing LDAP index leads to a slow LDAP query every 15 minutes.
The index will automatically be added as part of the UCS version 5.0-2 release.

Meanwhile, you can confirm that the attribute has not been indexed by executing:

/usr/share/univention-directory-manager-tools/univention-delayed-account-activation
grep krb5ValidStart /var/log/syslog | tail

If the consoles output shows the following line:

<date> <system_name> slapd[5943]: <= mdb_inequality_candidates: (krb5ValidStart) not indexed

the aforementioned attribute has not been indexed yet.

To add krb5ValidStart to the LDAP equality index, execute the following lines on all UCS 5.0-1 servers of the domain.

ATTENTION: this will stop the LDAP server and thus result in a service interruption. Depending on the user count in your domain the indexing can take minutes to hours.

service slapd stop
/usr/share/univention-ldap/ldap_setup_index --add-eq krb5ValidStart
service slapd start

You may check the successful indexing of krb5ValidStart by running the aforementioned code regarding the confirmation again.