20120503 enabling changelog on a standalone opendj server - plembo/onemoretech GitHub Wiki

title: Enabling changelog on a standalone OpenDJ server link: https://onemoretech.wordpress.com/2012/05/03/enabling-changelog-on-a-standalone-opendj-server/ author: lembobro description: post_id: 2641 created: 2012/05/03 17:02:13 created_gmt: 2012/05/03 21:02:13 comment_status: closed post_name: enabling-changelog-on-a-standalone-opendj-server status: publish post_type: post

Enabling changelog on a standalone OpenDJ server

Changelog gets enabled automatically when you set up replication between two OpenDJ servers with the dsreplication command. But some of us (and some 3rd party apps) find it useful to have a changelog on a stand alone directory server -- especially for auditing. Here's how to do that. The following commands are shamelessly lifted from Ludo's Sketches, Enabling the External Change Log on a Single Server.

$ dsconfig create-replication-server 
-h test1.example.com 
-p 5444 
-D "cn=directory manager" 
-w xxxxxxxx 
-X 
-n 
--provider-name "Multimaster Synchronization" 
--set replication-port:8989 
--set replication-server-id:2 
--type generic
  
$ dsconfig create-replication-domain 
-h test1.example.com 
-p 5444 
-D "cn=directory manager" 
-w xxxxxxxx 
-X 
-n 
--provider-name "Multimaster Synchronization" 
--set base-dn:dc=example,dc=com 
--set replication-server:test1.example.com:8989 
--set server-id:3 
--type generic --domain-name example_com

As Ludo points out in his post, to later join this server in replication with another you'll need to first add a replication admin user:

$ dsframework create-admin-user 
-X 
-h test1.example.com 
-p 5444 
-D "cn=directory manager" 
-w xxxxxxx 
--userID admin 
--set password:xxxxxxx

Also note that when using ldapsearch to retrieve information from "cn=changelog" the resulting "changes" attribute values will be UUENCODED LDIF. These can be exported to human readable text by either running them through an LDIF reading routine (using Net::LDAP::LDIF, for example), or using a gui LDAP Browser/Editor like Apache Directory Studio to export into a format other than LDIF, like .csv (comma separated values).

Copyright 2004-2019 Phil Lembo