@mreynolds, thanks for the explanations.

Summary
--------

on startup, PKI server makes a VLV search that can take so much time that the startup sequence considers that PKI timed-out.

The culprit VLV search is the following:
SRCH base="ou=keyRepository,ou=kra,o=kra,o=ipaca" scope=1 filter="(&(&(objectClass=top)(objectClass=keyRecord))(serialno=*))" attrs=ALL

PKI needs to configure VLV indexes in order to speed up this type of query. Currently, the following is defined (from ./base/kra/shared/conf/vlv.ldif):

dn: cn=allKeys-pki-tomcat,cn=ipaca,cn=ldbm database,cn=plugins,cn=config
objectClass: top
objectClass: vlvSearch
vlvFilter: (&(serialno=*)(!(realm=*)))
vlvScope: 1
vlvBase: ou=keyRepository,ou=kra,o=kra,o=ipaca
cn: allKeys-pki-tomcat

but it doesn't correspond to the searxh filter used in the slow query, and cannot improve its performance.

PKI needs to define VLV indexes corresponding to the queries it performs. Hence moving this BZ to PKI component.