The changelog contains a monitor entry accessed over LDAP, JConsole, the administrative console, or SNMP. Make sure the account you’re using to request the monitor information has the necessary access rights to the data under cn=monitor. You might need to add a global ACI to grant the appropriate users permission to access monitor data.

  • Use ldapsearch to view the changelog monitor entry.
    $ bin/ldapsearch --hostname --port 636 --useSSL 
    --bindDN "uid=admin,dc=example,dc=com" --bindPasswordFile admin-password.txt
    --baseDN cn=changelog,cn=monitor "(objectclass=*)"
    dn: cn=changelog,cn=monitor 
    objectClass: top 
    objectClass: ds-monitor-entry 
    objectClass: extensibleObject 
    cn: changelog
    changelog: cn=changelog 
    firstchangenumber: 1 
    lastchangenumber: 8 
    lastpurgedchangenumber: 0 
    firstReplicaChange: 16225:0000011D0205237F3F6100000001:5 
    firstReplicaChange: 16531:0000011CFF334C60409300000002:1
    lastReplicaChange: 16225:0000011D02054E8B3F6100000002:7 
    lastReplicaChange: 16531:0000011CFF334C60409300000002:1 
    oldest-change-time: 20081015063104Z 
    ...(more data)...