In a customer project we use the univentionObjectIdentifier to store the ID from an external IAM at user/group objects. In syslog there are a lot of entries like slapd[1374]: <= mdb_equality_candidates: (univentionObjectIdentifier) not indexed I guess that the indexing wouldnt be an improvement only for this customer but for all environments (for the case that the attribute is in future used internally from UCS or ucs@school.)
See https://forge.univention.org/bugzilla/show_bug.cgi?id=53259 why is not not a good idea to index too much. You're always free to extend UCRV 'ldap/index/eq' yourself with all the bad consequences that might have.
In the case the attribute is used, it should be indexed. When it's not used, it shouldn't be indexed. There should be an easy and safe way for customers/ProfS to enable it. If using 'ldap/index/eq' is not a good way, then it's not a solution. A topic for a different issue might be a system diagnose module that greps in syslog for occurrences of 'mdb_equality_candidates' and provides admins with a generic solution or a link to a help article.
/usr/share/univention-ldap/ldap_setup_index --add-eq univentionObjectIdentifier --only-update-ucr; systemctl stop slapd; \ slapindex -f /etc/ldap/slapd.conf univentionObjectIdentifier; systemctl start slapd
Or, without restart of slapd: /usr/share/univention-ldap/ldap_setup_index --add-eq univentionObjectIdentifier --only-update-ucr; \ echo -e 'dn: olcDatabase={1}mdb,cn=config\nchangetype: modify\nadd: olcDbIndex\nolcDbIndex: univentionObjectIdentifier eq' | ldapmodify -x -H LDAPI://
Would that add the setting to UCR? IMHO, a solution should document the change and make it repeatable in case of a system/cluster rebuild.
Regarding 57393 Coment 7: No that's not recommended. The tool for adding/removing LDAP attributes to the index configuration (in UCR) is: /usr/share/univention-ldap/ldap_setup_index The problem of that script is only, that by default it runs a full slapindex over all configured LDAP attributes. That's why in Bug 57393 Comment 3 I pointed out a way how this can be avoided by adding the relatively new option --only-update-ucr which only adjust the UCR variables but skips the full re-index, so you can to it manually for one specific attribute.
994e8bc679c | Configure eq index for univentionObjectIdentifier by default Later updated by commits for Bug #58318.
OK: univentionObjectIdentifier is indexed for eq matching in 5.2-2