1. Grant access to the cn=changelog backend to the uid=admin account using access control rules. By default, only the root user has access to this backend.
    $ bin/ldapmodify
    dn: cn=changelog
    changetype: modify
    add: aci
    aci: (targetattr="*||+")
      (version 3.0; acl "Access to the changelog backend for the admin account"; 
      allow (all) userdn="ldap:///uid=admin,dc=example,dc=com";) 
  2. Use ldapsearch to view the changelog.
    $ bin/ldapsearch --baseDN cn=changelog --dontWrap "(objectclass=*)"
    dn: cn=changelog 
    objectClass: top 
    objectClass: untypedObject 
    cn: changelog
    
    dn: changeNumber=1,cn=changelog 
    objectClass: changeLogEntry 
    objectClass: top 
    targetDN: uid=user.0,ou=People,dc=example,dc=com 
    changeType: modify
    changes:: cmVwbGFjZTogbW9iaWxlCm1vYmlsZTogKzEgMDIwIDE1NCA5Mzk4Ci0KcmVwbGFjZToga
    G9tZVBob25lCmhvbWVQaG9uZTogKzEgMjI1IDIxNiA0OTQ5Ci0KcmVwbGFjZTogZ2l2ZW5OYW1lCmdp
    dmVuTmFtZTogQWFyb24KLQpyZXBsYWNlOiBkZXNjcmlwdGlvbgpkZXNjcmlwdGlvbjogdGhpcyBpcyB
    0aGUgZGVzY3JpcHRpb24gZm9yIEFhcm9uIEF0cC4KLQpyZXBsYWNlOiBtb2RpZmllcnNOYW1lCm1vZG
    lmaWVyc05hbWU6IGNuPURpcmVjdG9yeSBNYW5hZ2VyLGNuPVJvb3QgRE5zLGNuPWNvbmZpZwotCnJlc
    GxhY2U6IGRzLXVwZGF0ZS10aW1lCmRzLXVwZGF0ZS10aW1lOjogQUFBQkhQOHpUR0E9Cgo= 
    changenumber: 1 
    dn: changeNumber=2,cn=changelog 
    objectClass: changeLogEntry
    objectClass: top 
    targetDN: dc=example,dc=com 
    changeType: modify 
    changes:: cmVwbGFjZTogZHMtc3luYy1zdGF0ZQpkcy1zeW5jLXN0YXRlOiAwMDAwMDExQ0ZGMzM0Q
    zYwNDA5MzAwMDAwMDAyCgo= 
    changenumber: 2