Quick Tip: Domino container in your timezone  

By Oliver Busse | 4/17/25, 5:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Since I always forget about the timezone settings when spinning up Domino in a container, I just wanted to document it here for my own records. The key here is to provide an environment setting directly when issuing the run command. For me this would be the Central European timezone like so: docker run -d --name domdev -v /local/notesdata:/local/notesdata --hostname domdev.local --cap-add=SYS_PTRACE -e TZ=Europe/Berlin -p 1352:1352 -p 80:80 -p 443:443 domino-container:12.0.2FP6

I Feel Pretty - Native Lotusscript Pretty Print for NotesJSONNavigator  

By Robert Baehr | 4/15/25, 3:31 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Having been working with the Lotusscript JSON classes and dealing with the raw output of the .stringify function, I decided to write a native "pretty print" function in Lotusscript. As an example, I generated two Lotusscript NotesJSONNavigators, as shown below. Note: This is not the best "code", but merely an example.

Troubleshooting IBM WebSphere LDAP Security   

By Christoph Stoettner | 4/14/25, 4:54 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Most of the LDAP connections from IBM WebSphere Application Server are configured with TLS. So you need to have the root certificate in the WebSphere truststore to connect. In the past I had several issues where MS Active Directory certificates for LDAPS are only valid for one year. They were automatically recreated on the AD side, and the certificate is not using the domain root certificate but a self-signed one.

Migrate MongoDB 5 to 7 for HCL Connections 8 CR9 update  

By Christoph Stoettner | 4/14/25, 4:53 AM | Infrastructure - Connections | Added by Roberto Boccadoro

For HCL Connections 8 CR9, it is mandatory to update MongoDB to version 7. During my first migrations, I encountered some issues and would like to provide workarounds and additional troubleshooting tips to help others with this process.

Better Navigation in Connections Scripts  

By Christoph Stoettner | 4/14/25, 4:47 AM | Infrastructure - Connections | Added by Roberto Boccadoro

I haven’t touched the Connections scripts for a long time, but I recently made some minor updates to fix compatibility issues with newer versions and added small scripts to speed up configuration. I also got the documentation script running from the menu.

Avoiding Inline Styles in XPages   

By Paul Withers | 4/8/25, 3:22 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Recently there have been discussions about inline CSS in XPages. The absence of anyone mentioning a feature in XPages prompted me to eventually ask about a piece of functionality relevant to this. The trigger for the discussions was a change in how XPages handles inline CSS, because CSP (Content Security Policy) blocks inline styles as well as inline JavaScript. This can be circumvented by setting unsafe-inline, but this is not recommended. I'm not interested in the rights or wrongs of inline content (and there are plenty of opinions on the internet about it) or how the problem was addressed in XPages. I also know there are XPages applications I built which still have inline styles, because XPages allowed me to do it. But there's a way to avoid it and solve it, at just a click of a button. And it appears many XPages developers are not aware of it, even though I was teaching about it in XPages courses over a decade ago.

Adding trusted roots to Domino containers  

By Daniel Nashed | 4/7/25, 4:03 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Linux and Domino comes with a good set of public trusted certs. But in corporate environment you often have to add your own trusted root for a corporate CA. This starts with Linux which needs certificates to validate repository servers and other resources. Domino trusted roots But also within Domino there are are trust stores which need might need central management. Domino Directory Trusted roots, certstore.nsf Trusted roots can be easily centrally updated. But the following two trust stores are more difficult to manage: /local/notesdata/cacert.pem used for HTTP Requests in Lotus Script and other backend code using curl Domino JVM trust store used by Java

What you should know about Domino "res" files on Linux and AIX  

By Daniel Nashed | 4/3/25, 4:56 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

res files actually come from Windows and are used to translate strings for UI and errors. Those res files are usually linked to the Windows binary. Linux and AIX also use "res" files in a res/ directory below the binary directory. The files are essential for a server. All the core code string resources are in strings.res. Most Domino native servertasks also use string resources.

Wolfi OS - Secure base layer for containers  

By Daniel Nashed | 4/3/25, 4:54 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

This project is pretty cool. It's a container only OS using the kernel from the host. But it has a couple of really interesting design goals. https://github.com/wolfi-dev/ They build container base images with the minimum number of packages and "CVE free" as much as possible. So their own containers for NGINX for example really only have NGINX and nothing around it -- not even a shell unless you install a :latest-dev container.

How to update Domino when running in a container?  

By Daniel Nashed | 4/3/25, 4:52 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Today I just updated my production environment to Domino 14.0 FP4. Let me show you how it works if you have everything setup.

HCL Domino and Defensive API Architecture  

By Gavin Bollard | 4/2/25, 2:52 AM | Development - Notes / Domino | Added by Roberto Boccadoro

HCL Domino's REST APIs unlock powerful integration capabilities, enabling data exchange with external systems and enhancing business workflows. However, exposing these APIs directly to the internet introduces significant security risks. To mitigate these risks, this blog post explores the concept of 'Defensive API Architecture.'

Fiddling with Tika in XPages  

By Patrick Kwinten | 4/1/25, 2:37 AM | Development - Notes / Domino | Added by Roberto Boccadoro

We have the annoying behaviour in an XPages application that users tend to select encrypted or password protected files from their local machine or some sort of expensive drive. The application manages the process for new products or services and when a decision has been taken for the proposal all the attached files will be combined in a single PDF file and stored in an archive. This combining process does not work well with password protected or encrypted files so either we should disallow the upload of such files or (when nobody has complained (read) about these files) they should be skipped to be combined in the final decision. But prevent uploading should be better of course (and notify the user about the file issue). So where do you start? Tika claims to be the content analysis toolkit so no looking further you would think.

Notes Client - sending crazy key combinations to interact with Windows   

By Jesper Kiær | 3/31/25, 1:49 AM | Development - Notes / Domino | Added by Roberto Boccadoro

In my earlier blog entry I showed how to refresh the Notes Client UI with F5 sending key presses from code. Using the same technic you can do some wild stuff, since you can almost simulate any keypress on the keyboard. In an Action button you could for example: - create email (CNTL + M) - log out of Notes (CNTL +F5) - lock Windows Windows key + L) - show emoji bar (Windows key +.) - show previews of open applications (Windows key + tab) - print screen (ALT + PrnScr)

F5 - UI refresh from code  

By Jesper Kiær | 3/27/25, 9:04 AM | Development - Notes / Domino | Added by Roberto Boccadoro

In the Notes client you can refresh the UI by pressing the F5 (F9) button. This means for a document the UI document gets recalulated and updated. There are methods to something similar in code, UI.reload, UI.refresh etc, In the backend document you can call doc.computewithform, but my experience is that with a complicated form with maybe both LotusScript and Formulas it will often fail. Sometimes you just need a simple F5 refresh to update the document...because it works. So here is a way to make a F5 refresh from LotusScript and Java.

Reducing the noise in the log – Update  

By Patrick Kwinten | 3/26/25, 3:06 PM | Development - Notes / Domino | Added by Roberto Boccadoro

After our team used the changes I made in the log application to reduce the noise for a couple of weeks we gathered user feedback and reviewed it and we came to the following improvements:

Deploying a Single Page Application using the Domino REST API - NotesSensei's Blog  

By Stephan Wissel | 3/24/25, 5:28 AM | Development - Notes / Domino | Added by Roberto Boccadoro

The Domino REST API not only provides secure access to "jsonified" Domino data, but also comes with capabilities to ease integration. This enables one to quickly cater to the long tail of applications, giving them a home instead of loosing them to the shadow IT. Once you know the steps, you can deploy new Single Purpose Applications (I modified the meaning of SPA a little) in no time.

Reducing the noise in the log   

By Patrick Kwinten | 2/20/25, 3:03 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Every Domino environment has got logs and probably it's not you who goes through the logs since it's a repetitive mind-numbing task. Here too, but sometimes the colleague who performs the task takes some days off and then it might be you who is responsible for doing it. So last week I was “screwed” and was searching for a quick solution to minimalize the mind-numbing without risking to overlook an important log-entry. Here is what I came up with:

HCL Connections – Docs (Proxy) not Working After Installing IFPH63778 IBM WebSphere Application Server Fix  

By Milan Matejic | 2/7/25, 2:23 AM | Infrastructure - Connections | Added by Roberto Boccadoro

If you're like me and want to keep your IBM WebSphere Application Servers up to date with the latest patches, you might want to skip the installation of IFPH63778 for 8.5.5.26 version of WebSphere, or at least exercise caution before doing so. After installing IFPH63778 on my WebSphere servers hosting HCL Connections Docs applications, Docs Proxy application was unable to communicate with the required application servers, effectively breaking my HCL Connections Docs deployment.

HCL Connections – Component Pack Update – MongoDB Security Settings Update Issue  

By Milan Matejic | 2/6/25, 3:19 AM | Infrastructure - Connections | Added by Roberto Boccadoro

During the HCL Connections Component Pack 8.0 CR8 update, some security settings are modified for the MongoDB replica set used by the HCL Connections Component Pack. This is managed by the check-and-update-mongo5-security Kubernetes (K8s) job, which creates the check-and-update-mongo5-security-* pod to change the security settings of the replica set. Once the job completes successfully, the K8s pod and the corresponding job are marked with the status complete(d) However, in one of the HCL Connections environments I am working on, the job didn’t complete successfully. During my initial analysis, I found the following error in the log of the check-and-update-mongo5-security pod....

Source code issue with alternative usage view columns  

By Patrick Kwinten | 2/4/25, 5:11 AM | Development - Notes / Domino | Added by Roberto Boccadoro

In a previous post I demonstrated how you can improve the usability of image resources by switching alias and file name. It works fine until you start synchronizing with your On Disk Project. While a normal image resource contains of the image file and some metadata but when you change the filename with the alias and vice versa Designer no longer detaches the graphical file and only writes the metadata file to the ODP.

How to add a trusted root to Linux  

By Daniel Nashed | 2/3/25, 2:57 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

I am still adding custom trusted root support to the Domino container project. You will be able to just specify a trusted root to add to the local Linux trust store. Like other low level functionality this works differently on different Linux flavors. Here is what I am adding for SUSE, for Debian/Ubuntu and basically all the other Redhat/RPM based systems (I rested Rocky, Alma & Co so far).

Do Crazy Innovative Things in the Notes Client  

By Patrick Kwinten | 1/29/25, 5:04 AM | Development - Notes / Domino | Added by Roberto Boccadoro

In February OpenNTF organizes a webinar titled ‘Do crazy innovative things in the Notes client‘. I am sure (from first hand experience) that Bernd Gewehr has pushed his developers to stretch the limits about what is possible to do in the Notes client. Recently I have been doing some development for the Notes client and you an easily bump to the limitations. I will write about some things that I applied to the application that I was working on.

Handling UserAccessException  

By Patrick Kwinten | 1/28/25, 2:02 AM | Development - Notes / Domino | Added by Roberto Boccadoro

The almost standard way to work at the company is to work in a committee. So almost everyone is member of one or more committees for different types of work-areas. Commitees have restricted access and organize agendas and meetings where decisions are made. Agendas, meetings and decisions are shared via mail and these mails are again shared. Curious people try to access the committee documents via URL’s although they have no access to the committee and then the UserAccessException occurs.

Indefinitely growing homepage.sr_index_docs table and forgotten search nodes  

By Christoph Stoettner | 1/24/25, 3:17 AM | Infrastructure - Connections | Added by Roberto Boccadoro

The last weeks I had twice the issue of a huge homepage database with HCL Connections. Both systems weren’t installed by me, but I reviewed them. So I know this issues quite well since I faced it the first time years ago. This always happens when you migrate Connections environments side-by-side, and you forget to remove the old search nodes. sr_index_docs is used to make all search nodes indexing newly upload files. When each search node has indexed the file, the entry gets removed from the database. As the old nodes are no longer running, they can’t index, and so these entries never get deleted. In larger environments the table grows to millions of documents and the database size grows from some GB into the hundreds of GB. You see this growth mainly during database backup, or when you want to move the data to a new machine. So often nobody recognizes the huge waste of space.

Data Access With XPages JEE  

By Jesse Gallagher | 1/17/25, 6:25 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Though one day I'd really like to sit down and work on expanding and categorizing the documentation for the XPages JEE project, in the mean time I can at least put together some scattered info in the form of blog posts, webinars, and example apps. Add this post to the pile! Some of it will be a rehash of previous posts, but it doesn't hurt to see it rephrased.

Java != Java on Domino  

By Oliver Busse | 1/9/25, 2:26 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Today I again encountered some strange things on different Domino machines. It’s Java again. The other specs are: my local dev box is 12.0.2FP2, running in a container using the HCL image the other machines are natively installed 12.0.2FP2, also Linux there are no language packs installed at all The parts that are used: some Java in an NSF, defined as managed bean (but this doesn’t matter) Java is using ExtLibUtil and java.util.Calendar some XSP in an NSF

Announcing Open Mic with the HCL Developers - A New Monthly Series  

By OpenNTF | 1/8/25, 12:25 PM | Business - Events / People | Added by Oliver Busse

OpenNTF and HCL announce a new initiative aimed at improving the collaboration between our community and HCL and at giving feedback on their products. Each month, we will host an “Open Mic” session with experts, developers, and PMs from HCL, and everyone will be invited to ask questions on a specific topic for that month. This is an occasion to get in touch directly with the people who build the product and provide answers to your most challenging questions.

SSL Certifier is not trusted  

By Fredrik Norling | 1/8/25, 12:30 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Root cert not trusted when getting SSL encrypted data using XPages or Domino agents I have seen a problem with getting data using XPages or agents from Amazon hosted services because they now are using a Amazon Trusted Root. But it can be others poping up also in the future.

Creating an IBM HTTP Server key db from a .pfx file   

By Martijn de Jong | 1/7/25, 2:41 AM | Infrastructure - Connections | Added by Roberto Boccadoro

It’s a question that I get quite often. “Can you create a IHS key database for me from this pfx certificate”? Multiple of our customers use IBM HTTP Server. Either for HCL Connections, but also as a reverse proxy for other services. Most of those customers use a wildcard certificate for their IHS server that has to be renewed each year. As I hate this kind of repetitive work, I created a script to do it for me. As it could be of use to others, I decided to create a blog article about it.

DBMT tool enhancements in Domino 14.5 EA2   

By Daniel Nashed | 1/7/25, 2:39 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Sometimes small changes open many new possibilities. The following DBMT tool command line options are added to DBMT in Domino 14.5 EA2: -systemDbs (-sd for short) Allows compact to process system dbs, which are usually ignored), as well as databases listed in the dbmt_compact_filter.ind file. -regex (-re for short) Now a database name can be specified using regular expressions. If an .ind file is specified, the database names listed in the .ind file can be regular expressions. -validateDbs (-vd for short) Does not execute the updall or compacts, but outputs the list of databases that could be affected by the DBMT command (mainly to validate -regex inputs). Can be used in combination with -sd