The changelog contains a monitor entry accessed over LDAP, JConsole, the administrative console, or SNMP. Make sure the account you’re using to request the monitor information has the necessary access rights to the data under cn=monitor. You might need to add a global ACI to grant the appropriate users permission to access monitor data.

  • Use ldapsearch to view the changelog monitor entry. 
    $ bin/ldapsearch --hostname ds.example.com --port 636 --useSSL 
--bindDN "uid=admin,dc=example,dc=com" --bindPasswordFile admin-password.txt
--baseDN cn=changelog,cn=monitor "(objectclass=*)"
    dn: cn=changelog,cn=monitor 
objectClass: top 
objectClass: ds-monitor-entry 
objectClass: extensibleObject 
cn: changelog
changelog: cn=changelog 
firstchangenumber: 1 
lastchangenumber: 8 
lastpurgedchangenumber: 0 
firstReplicaChange: 16225:0000011D0205237F3F6100000001:5 
firstReplicaChange: 16531:0000011CFF334C60409300000002:1
lastReplicaChange: 16225:0000011D02054E8B3F6100000002:7 
lastReplicaChange: 16531:0000011CFF334C60409300000002:1 
oldest-change-time: 20081015063104Z 
...(more data)...