How To

How do I enable the External Change Log on a single OpenDJ 3.x server?

Last updated Jan 5, 2021

The purpose of this article is to provide information on enabling the External Change Log (cn=changelog) on a single OpenDJ 3.x server. You may want to do this for testing purposes or if you want the changes to be available to a third-party system for synchronization purposes.

1 reader recommends this article

This article has been archived and is no longer maintained by ForgeRock.


Do not compress, tamper with, or otherwise alter changelog database files directly unless specifically instructed to do so by a qualified ForgeRock technical support engineer. External changes to changelog database files can render them unusable by the server. By default, changelog database files are located under the /path/to/ds/changelogDb directory.


You can enable the external changelog across a single server as follows:


If you want to enable replication across multiple servers, you should use dsreplication enable instead as described in Reference › dsreplication enable. When you enable replication across multiple servers, the external change log is enabled by default.

Enabling the external changelog on a single OpenDJ server

You can enable the external changelog on a single OpenDJ server as follows:

  1. Create your server as the replication server using the dsconfig create-replication-server command. For example: $ ./dsconfig create-replication-server --provider-name "Multimaster Synchronization" --set replication-port:8989 --set replication-server-id:2 --type generic --hostName --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --no-prompt --trustAll
  2. Create the replication domain for your server using the dsconfig create-replication-domain command. For example: $ ./dsconfig create-replication-domain --provider-name "Multimaster Synchronization" --set base-dn:ou=people,dc=example,dc=com --set replication-server:localhost:8989 --set server-id:3 --type generic --domain-name example_com --hostName --port 4444 --bindDN "cn=Directory Manager" --bindPassword password --no-prompt --trustAll

Searching the external changelog

Once the external change log is enabled, you can search it using the ldapsearch command. You should include the ECL Cookie Control ( as this is the optimized way to search the external changelog. The following example command also includes ; in the Cookie Control; this indicates the cookie is unknown, which means the search starts from the first change. You can replace this with the string value associated with the last change received if you want to continue from that point. You can find this string value from the ChangeLogCookie operational attribute (if requested) or the comment before the change itself. See Administration Guide › To Use the External Change Log for further information.

For example:

$ ./ldapsearch --bindDN "cn=Directory Manager" --bindPassword password --hostName --port 1389 --control ";" --baseDN "cn=changelog" '(objectclass=*)'

See Also

Replication in DS

Administration Guide › Change Notification For Your Applications

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.