Recent
Engage 2025 – my impressions | Roberto Boccadoro 
By Roberto Boccadoro | 5/27/25, 1:44 PM | Business - Events / People | Added by Oliver Busse
As usual I attended Engage, and as usual it was a very good event.
It was the first one not organized by Theo Heselmans, but Kris and Tom did a great job. I believe Engage is in good hands for the future.
The location was nice, though not very eccentric like the ones Theo has used in the past, the New Babylon conference center; it had the advantage of being right in front of the Central Station, so getting there was a no-brainer, and the hotel I choose, like many others, was just around the corner, literally.
Engage 2025 - interesting days at The Hague
By Heiko Voigt | 5/27/25, 1:43 PM | Business - Events / People | Added by Oliver Busse
We had a lot of work pre-last week to prep evertyhing for the three-day-whirlwind that was about to come down on the Yellow Bubble last week. It was Engage 2025, the first Engage without Theo Heselmans at the helm and he sure left Tom van Aken and Kris de Bishop some large shoes to fill. To say it straight right away - they did fantastic. Engage was one more time the best event in our business - well organised, great food and drinks, great content and great locations.
Engage session follow-up – Domino 14.5 AutoUpdate downloads
By Daniel Nashed | 5/26/25, 8:48 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Thanks to everyone who attended my 8:00 AM session on Wednesday. One topic raised during the session deserves a closer look: how Domino AutoUpdate retrieves installation artifacts.
To download product.jwt, software.jwt, and the Notes/Domino web kits, you need at least one server with outbound connectivity to My HCL Software portal (MHS) and the HCL Domino fixlist servers.
Domino AutoUpdate a supports HTTP proxy configurations, including authenticated proxies, which should work in most enterprise network environments.
All downloads are validated against the software.jwt, which includes signed metadata for all supported software packages. This model fits most connected environments.
Completely air-gapped setups are uncommon, and to date, there haven’t been strong or clearly defined requirements for full offline AutoUpdate workflows.
However, it’s still possible to override download URLs in AutoUpdate documents to manually provide software.jwt and web kits from internal sources.
Configure an addtional Notes port on a server
By Daniel Nashed | 5/15/25, 6:48 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The previous blog post was more dealing with the background about having a second Notes TCP/IP port.
This post focuses to setup a new Notes port end to end using the DNUG Lab environment as an example.
The server I am configuring has two separate IP addresses on two different network cards.
But the same procedure would also work with IP addresses in the same network.
Benefits of running domino with multiple TCP/IP ports
By Daniel Nashed | 5/15/25, 6:47 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Support for multiple TCP/IP ports has been part of HCL Domino since the early days. Back then, it was first essential to support multiple simultaneous modem connections. It also proved valuable for clustered servers using dedicated network cards.
While today’s networks offer 1 Gbit/s or even 10 Gbit/s speeds—making multiple ports less necessary from a raw bandwidth perspective—there are still compelling reasons to use multiple Notes ports in modern environments.
Domino REST API, CORS and Regex
By Paul Withers | 5/5/25, 3:50 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Release 1.1.3.1 of Domino REST API introduces a breaking change in CORS handling. This makes configuration less straightforward, but as the documentation states, it increases the flexibility and probably makes things a lot easier for larger environments. And though regex is not something Domino developers work with regularly, there are tools close to home that can help.
WebSphere 8.5.5 FP27 & HCL Connections… beware!
By Martijn de Jong | 5/5/25, 3:49 AM | Infrastructure - Connections | Added by Roberto Boccadoro
HCL Connections 8.0 CR9 currently lists in its system requirements WebSphere 8.5.5 FP26 as its highest supported WebSphere version. However, I suspect that CR10 will try to support FixPack 27, which became available on April 21st. Brave companies might just update their servers with the latest fixpack, and usually that works just fine. This fixpack, however, has introduced changes in outbound TLS certificate hostname validation. What it does is if WebSphere will make a connection to https://example.acme.org, it will check if the certificate that example.acme.org returns contains my server.acme.org in either the hostname or as a subject alternative name (SAN). If it doesn’t, you’ll be greeted with a message:
Quick Tip: Domino container in your timezone
By Oliver Busse | 4/17/25, 5:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Since I always forget about the timezone settings when spinning up Domino in a container, I just wanted to document it here for my own records. The key here is to provide an environment setting directly when issuing the run command. For me this would be the Central European timezone like so:
docker run -d --name domdev -v /local/notesdata:/local/notesdata --hostname domdev.local --cap-add=SYS_PTRACE -e TZ=Europe/Berlin -p 1352:1352 -p 80:80 -p 443:443 domino-container:12.0.2FP6
I Feel Pretty - Native Lotusscript Pretty Print for NotesJSONNavigator
By Robert Baehr | 4/15/25, 3:31 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Having been working with the Lotusscript JSON classes and dealing with the raw output of the .stringify function, I decided to write a native "pretty print" function in Lotusscript. As an example, I generated two Lotusscript NotesJSONNavigators, as shown below. Note: This is not the best "code", but merely an example.
Troubleshooting IBM WebSphere LDAP Security
By Christoph Stoettner | 4/14/25, 4:54 AM | Infrastructure - Connections | Added by Roberto Boccadoro
Most of the LDAP connections from IBM WebSphere Application Server are configured with TLS. So you need to have the root certificate in the WebSphere truststore to connect.
In the past I had several issues where MS Active Directory certificates for LDAPS are only valid for one year. They were automatically recreated on the AD side, and the certificate is not using the domain root certificate but a self-signed one.
Migrate MongoDB 5 to 7 for HCL Connections 8 CR9 update
By Christoph Stoettner | 4/14/25, 4:53 AM | Infrastructure - Connections | Added by Roberto Boccadoro
For HCL Connections 8 CR9, it is mandatory to update MongoDB to version 7. During my first migrations, I encountered some issues and would like to provide workarounds and additional troubleshooting tips to help others with this process.
Better Navigation in Connections Scripts
By Christoph Stoettner | 4/14/25, 4:47 AM | Infrastructure - Connections | Added by Roberto Boccadoro
I haven’t touched the Connections scripts
for a long time, but I recently made some minor updates to fix compatibility issues with newer versions and added small scripts to speed up configuration. I also got the documentation script running from the menu.
Avoiding Inline Styles in XPages
By Paul Withers | 4/8/25, 3:22 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Recently there have been discussions about inline CSS in XPages. The absence of anyone mentioning a feature in XPages prompted me to eventually ask about a piece of functionality relevant to this.
The trigger for the discussions was a change in how XPages handles inline CSS, because CSP (Content Security Policy) blocks inline styles as well as inline JavaScript. This can be circumvented by setting unsafe-inline, but this is not recommended.
I'm not interested in the rights or wrongs of inline content (and there are plenty of opinions on the internet about it) or how the problem was addressed in XPages. I also know there are XPages applications I built which still have inline styles, because XPages allowed me to do it. But there's a way to avoid it and solve it, at just a click of a button. And it appears many XPages developers are not aware of it, even though I was teaching about it in XPages courses over a decade ago.
Adding trusted roots to Domino containers
By Daniel Nashed | 4/7/25, 4:03 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Linux and Domino comes with a good set of public trusted certs.
But in corporate environment you often have to add your own trusted root for a corporate CA.
This starts with Linux which needs certificates to validate repository servers and other resources.
Domino trusted roots
But also within Domino there are are trust stores which need might need central management.
Domino Directory Trusted roots, certstore.nsf Trusted roots can be easily centrally updated.
But the following two trust stores are more difficult to manage:
/local/notesdata/cacert.pem used for HTTP Requests in Lotus Script and other backend code using curl
Domino JVM trust store used by Java
What you should know about Domino "res" files on Linux and AIX
By Daniel Nashed | 4/3/25, 4:56 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
res files actually come from Windows and are used to translate strings for UI and errors.
Those res files are usually linked to the Windows binary.
Linux and AIX also use "res" files in a res/ directory below the binary directory.
The files are essential for a server. All the core code string resources are in strings.res.
Most Domino native servertasks also use string resources.
Wolfi OS - Secure base layer for containers
By Daniel Nashed | 4/3/25, 4:54 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
This project is pretty cool. It's a container only OS using the kernel from the host.
But it has a couple of really interesting design goals.
https://github.com/wolfi-dev/
They build container base images with the minimum number of packages and "CVE free" as much as possible.
So their own containers for NGINX for example really only have NGINX and nothing around it -- not even a shell unless you install a :latest-dev container.
How to update Domino when running in a container?
By Daniel Nashed | 4/3/25, 4:52 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Today I just updated my production environment to Domino 14.0 FP4.
Let me show you how it works if you have everything setup.
HCL Domino and Defensive API Architecture
By Gavin Bollard | 4/2/25, 2:52 AM | Development - Notes / Domino | Added by Roberto Boccadoro
HCL Domino's REST APIs unlock powerful integration capabilities, enabling data exchange with external systems and enhancing business workflows. However, exposing these APIs directly to the internet introduces significant security risks. To mitigate these risks, this blog post explores the concept of 'Defensive API Architecture.'
Fiddling with Tika in XPages
By Patrick Kwinten | 4/1/25, 2:37 AM | Development - Notes / Domino | Added by Roberto Boccadoro
We have the annoying behaviour in an XPages application that users tend to select encrypted or password protected files from their local machine or some sort of expensive drive.
The application manages the process for new products or services and when a decision has been taken for the proposal all the attached files will be combined in a single PDF file and stored in an archive. This combining process does not work well with password protected or encrypted files so either we should disallow the upload of such files or (when nobody has complained (read) about these files) they should be skipped to be combined in the final decision. But prevent uploading should be better of course (and notify the user about the file issue).
So where do you start? Tika claims to be the content analysis toolkit so no looking further you would think.
Notes Client - sending crazy key combinations to interact with Windows
By Jesper Kiær | 3/31/25, 1:49 AM | Development - Notes / Domino | Added by Roberto Boccadoro
In my earlier blog entry I showed how to refresh the Notes Client UI with F5 sending key presses from code.
Using the same technic you can do some wild stuff, since you can almost simulate any keypress on the keyboard.
In an Action button you could for example:
- create email (CNTL + M)
- log out of Notes (CNTL +F5)
- lock Windows Windows key + L)
- show emoji bar (Windows key +.)
- show previews of open applications (Windows key + tab)
- print screen (ALT + PrnScr)
F5 - UI refresh from code
By Jesper Kiær | 3/27/25, 9:04 AM | Development - Notes / Domino | Added by Roberto Boccadoro
In the Notes client you can refresh the UI by pressing the F5 (F9) button.
This means for a document the UI document gets recalulated and updated.
There are methods to something similar in code, UI.reload, UI.refresh etc,
In the backend document you can call doc.computewithform, but my experience is that with a complicated form with maybe both LotusScript and Formulas it will often fail.
Sometimes you just need a simple F5 refresh to update the document...because it works.
So here is a way to make a F5 refresh from LotusScript and Java.
Reducing the noise in the log – Update
By Patrick Kwinten | 3/26/25, 3:06 PM | Development - Notes / Domino | Added by Roberto Boccadoro
After our team used the changes I made in the log application to reduce the noise for a couple of weeks we gathered user feedback and reviewed it and we came to the following improvements:
Deploying a Single Page Application using the Domino REST API - NotesSensei's Blog
By Stephan Wissel | 3/24/25, 5:28 AM | Development - Notes / Domino | Added by Roberto Boccadoro
The Domino REST API not only provides secure access to "jsonified" Domino data,
but also comes with capabilities to ease integration. This enables one to quickly cater to the long tail of applications, giving them a home instead of loosing them to the shadow IT.
Once you know the steps, you can deploy new Single Purpose Applications (I modified the meaning of SPA a little) in no time.
Reducing the noise in the log
By Patrick Kwinten | 2/20/25, 3:03 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Every Domino environment has got logs and probably it's not you who goes through the logs since it's a repetitive mind-numbing task. Here too, but sometimes the colleague who performs the task takes some days off and then it might be you who is responsible for doing it. So last week I was “screwed” and was searching for a quick solution to minimalize the mind-numbing without risking to overlook an important log-entry. Here is what I came up with:
HCL Connections – Docs (Proxy) not Working After Installing IFPH63778 IBM WebSphere Application Server Fix
By Milan Matejic | 2/7/25, 2:23 AM | Infrastructure - Connections | Added by Roberto Boccadoro
If you're like me and want to keep your IBM WebSphere Application Servers up to date with the latest patches, you might want to skip the installation of IFPH63778 for 8.5.5.26 version of WebSphere, or at least exercise caution before doing so.
After installing IFPH63778 on my WebSphere servers hosting HCL Connections Docs applications, Docs Proxy application was unable to communicate with the required application servers, effectively breaking my HCL Connections Docs deployment.
HCL Connections – Component Pack Update – MongoDB Security Settings Update Issue
By Milan Matejic | 2/6/25, 3:19 AM | Infrastructure - Connections | Added by Roberto Boccadoro
During the HCL Connections Component Pack 8.0 CR8 update, some security settings are modified for the MongoDB replica set used by the HCL Connections Component Pack. This is managed by the check-and-update-mongo5-security Kubernetes (K8s) job, which creates the check-and-update-mongo5-security-* pod to change the security settings of the replica set. Once the job completes successfully, the K8s pod and the corresponding job are marked with the status complete(d)
However, in one of the HCL Connections environments I am working on, the job didn’t complete successfully. During my initial analysis, I found the following error in the log of the check-and-update-mongo5-security pod....
Source code issue with alternative usage view columns
By Patrick Kwinten | 2/4/25, 5:11 AM | Development - Notes / Domino | Added by Roberto Boccadoro
In a previous post I demonstrated how you can improve the usability of image resources by switching alias and file name. It works fine until you start synchronizing with your On Disk Project. While a normal image resource contains of the image file and some metadata but when you change the filename with the alias and vice versa Designer no longer detaches the graphical file and only writes the metadata file to the ODP.
How to add a trusted root to Linux
By Daniel Nashed | 2/3/25, 2:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
I am still adding custom trusted root support to the Domino container project.
You will be able to just specify a trusted root to add to the local Linux trust store.
Like other low level functionality this works differently on different Linux flavors.
Here is what I am adding for SUSE, for Debian/Ubuntu and basically all the other Redhat/RPM based systems (I rested Rocky, Alma & Co so far).
Do Crazy Innovative Things in the Notes Client
By Patrick Kwinten | 1/29/25, 5:04 AM | Development - Notes / Domino | Added by Roberto Boccadoro
In February OpenNTF organizes a webinar titled ‘Do crazy innovative things in the Notes client‘. I am sure (from first hand experience) that Bernd Gewehr has pushed his developers to stretch the limits about what is possible to do in the Notes client.
Recently I have been doing some development for the Notes client and you an easily bump to the limitations. I will write about some things that I applied to the application that I was working on.
Handling UserAccessException
By Patrick Kwinten | 1/28/25, 2:02 AM | Development - Notes / Domino | Added by Roberto Boccadoro
The almost standard way to work at the company is to work in a committee. So almost everyone is member of one or more committees for different types of work-areas. Commitees have restricted access and organize agendas and meetings where decisions are made. Agendas, meetings and decisions are shared via mail and these mails are again shared. Curious people try to access the committee documents via URL’s although they have no access to the committee and then the UserAccessException occurs.