Recent
Removing security-auditlog indexes from your OpenSearch cluster 
By Martijn de Jong | 7/18/25, 1:21 AM | Infrastructure - Connections | Added by Roberto Boccadoro
After my previous article on Querying the OpenSearch index, a colleague and I used the script to take a good look at the OpenSearch index in our environment. That environment, is a large Connections installation (45K users) in the Netherlands. We found two disturbing facts:
The cluster status was yellow, due to the QuickResults index not having a replica of all its shards
There was a huge amount of secruity-auditlog indexes, one per day. There were as many as the days passed since our migration to Connections 8
It turns out these two issues were closely related.
Connecting Domino IQ to External LLM Providers
By Serdar Basegmez | 7/2/25, 4:37 PM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Step-by-step guide to connect Domino IQ with Ollama or OpenAI in Domino 14.5, including setup, config tips, and troubleshooting.
HCL Domino 14.5, Fix your iNotes Redirector for Verse
By Keith Brooks | 7/2/25, 4:34 PM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
By now, if you have updated your Domino server and relied on iNotes, you have found that it no longer works.
HCL was clear about this, and there is no workaround, so if you want iNotes and not Verse, better keep a server on 14.0 and point everyone there.
For the rest of us that move forward with the times, we will have seen that logging into the iNotes URL gets you to a pop-up telling hat iNotes is no longer available, and you need to open HCL Verse. If you click on the link, it directs you straight to Verse.
iNotes required the iNotes redirector. Well, there is no new redirector, but it did get renamed to Verse redirector(same template name), but it does include some options you probably hadn't considered, and this is how you resolve the problem.
If you haven't changed any settings in a while, now is a great time to update them. The redirector has been updated periodically along the way.
These are the ones to change or review:
Domino Container Environment Install Script
By Daniel Nashed | 7/2/25, 4:31 PM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
It has been a round for a while. I am too lazy to do the same installations over and over again manually.
In addition it helps me to get customer environments all setup in the same way.
This script clones the Domino container project and Domino start script.
It also installs Docker from the official repository along with the Domino download script and also the container control script.
This is the fastest way to setup a container environment.
Querying your OpenSearch index
By Martijn de Jong | 7/2/25, 4:30 PM | Infrastructure - Connections | Added by Roberto Boccadoro
n the old days of Connections, we would check our ElasticSearch indexes through Kibana, but Kibana is no longer part of an HCL Connections Component pack installation. In HCL Connections 8, OpenSearch is a core component powering features like Orient Me, Type-Ahead Search, and Metrics. As an administrator, it’s critical not just to ensure that OpenSearch is running, but to verify that it’s indexing, storing, and serving content correctly.
Using IntelliJ Idea and Domino JNX for Domino Development
By Serdar Basegmez | 6/20/25, 12:48 PM | Development - Notes / Domino | Added by Serdar Basegmez
Streamline Domino development with IntelliJ IDEA: learn setup, Maven integration, JNX usage and productivity tips to modernise your Java workflow.
Langchain4j for Domino v1.0.0 released!
By Serdar Basegmez | 6/13/25, 7:12 AM | Development - Notes / Domino | Added by Serdar Basegmez
First release of Langchain4j for Domino: native Java integration, document loaders, and XSP support to bring LLM workflows to Domino apps.
Moved my blog: The third generation!
By Serdar Basegmez | 6/12/25, 8:24 AM | Development - Notes / Domino | Added by Cn=Serdar Basegmez/O=Developi
I’ve relaunched my blog on a new platform after years of inactivity, choosing MkDocs Material for its simplicity and Python support. The migration involved converting hundreds of posts, sorting out hosting and redirects, and finding the right workflow for writing and publishing. Everything is now up and running, with archives preserved.
Engage 2025: Visualize Your Domino Data with Open Source Tools Session Slides and Databases
By Richard Moy | 6/10/25, 1:53 PM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Thank you everyone for attending my Engage 2025 session, Visualizing your Domino Data using Open Source Tools. Though I was up against some formidable sessions, I was surprised to have close to 30 attendees in my session. As promised, here is the PowerPoint presentation and sample databases and code.
Engage 2025: Lotus is back?!?!?
By Hogne B. Pettersen | 6/6/25, 3:44 AM | Business - Events / People | Added by Oliver Busse
And a new Notes client is coming?!?! Read my report from this year’s Engage conference, where I also explain why HCL has a golden opportunity now that Microsoft are showing that they can lock you out from your own data whenever they want.
Engage 2025 – my impressions | Roberto Boccadoro
By Roberto Boccadoro | 5/27/25, 1:44 PM | Business - Events / People | Added by Oliver Busse
As usual I attended Engage, and as usual it was a very good event.
It was the first one not organized by Theo Heselmans, but Kris and Tom did a great job. I believe Engage is in good hands for the future.
The location was nice, though not very eccentric like the ones Theo has used in the past, the New Babylon conference center; it had the advantage of being right in front of the Central Station, so getting there was a no-brainer, and the hotel I choose, like many others, was just around the corner, literally.
Engage 2025 - interesting days at The Hague
By Heiko Voigt | 5/27/25, 1:43 PM | Business - Events / People | Added by Oliver Busse
We had a lot of work pre-last week to prep evertyhing for the three-day-whirlwind that was about to come down on the Yellow Bubble last week. It was Engage 2025, the first Engage without Theo Heselmans at the helm and he sure left Tom van Aken and Kris de Bishop some large shoes to fill. To say it straight right away - they did fantastic. Engage was one more time the best event in our business - well organised, great food and drinks, great content and great locations.
Engage session follow-up – Domino 14.5 AutoUpdate downloads
By Daniel Nashed | 5/26/25, 8:48 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Thanks to everyone who attended my 8:00 AM session on Wednesday. One topic raised during the session deserves a closer look: how Domino AutoUpdate retrieves installation artifacts.
To download product.jwt, software.jwt, and the Notes/Domino web kits, you need at least one server with outbound connectivity to My HCL Software portal (MHS) and the HCL Domino fixlist servers.
Domino AutoUpdate a supports HTTP proxy configurations, including authenticated proxies, which should work in most enterprise network environments.
All downloads are validated against the software.jwt, which includes signed metadata for all supported software packages. This model fits most connected environments.
Completely air-gapped setups are uncommon, and to date, there haven’t been strong or clearly defined requirements for full offline AutoUpdate workflows.
However, it’s still possible to override download URLs in AutoUpdate documents to manually provide software.jwt and web kits from internal sources.
Configure an addtional Notes port on a server
By Daniel Nashed | 5/15/25, 6:48 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
The previous blog post was more dealing with the background about having a second Notes TCP/IP port.
This post focuses to setup a new Notes port end to end using the DNUG Lab environment as an example.
The server I am configuring has two separate IP addresses on two different network cards.
But the same procedure would also work with IP addresses in the same network.
Benefits of running domino with multiple TCP/IP ports
By Daniel Nashed | 5/15/25, 6:47 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Support for multiple TCP/IP ports has been part of HCL Domino since the early days. Back then, it was first essential to support multiple simultaneous modem connections. It also proved valuable for clustered servers using dedicated network cards.
While today’s networks offer 1 Gbit/s or even 10 Gbit/s speeds—making multiple ports less necessary from a raw bandwidth perspective—there are still compelling reasons to use multiple Notes ports in modern environments.
Domino REST API, CORS and Regex
By Paul Withers | 5/5/25, 3:50 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Release 1.1.3.1 of Domino REST API introduces a breaking change in CORS handling. This makes configuration less straightforward, but as the documentation states, it increases the flexibility and probably makes things a lot easier for larger environments. And though regex is not something Domino developers work with regularly, there are tools close to home that can help.
WebSphere 8.5.5 FP27 & HCL Connections… beware!
By Martijn de Jong | 5/5/25, 3:49 AM | Infrastructure - Connections | Added by Roberto Boccadoro
HCL Connections 8.0 CR9 currently lists in its system requirements WebSphere 8.5.5 FP26 as its highest supported WebSphere version. However, I suspect that CR10 will try to support FixPack 27, which became available on April 21st. Brave companies might just update their servers with the latest fixpack, and usually that works just fine. This fixpack, however, has introduced changes in outbound TLS certificate hostname validation. What it does is if WebSphere will make a connection to https://example.acme.org, it will check if the certificate that example.acme.org returns contains my server.acme.org in either the hostname or as a subject alternative name (SAN). If it doesn’t, you’ll be greeted with a message:
Quick Tip: Domino container in your timezone
By Oliver Busse | 4/17/25, 5:18 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Since I always forget about the timezone settings when spinning up Domino in a container, I just wanted to document it here for my own records. The key here is to provide an environment setting directly when issuing the run command. For me this would be the Central European timezone like so:
docker run -d --name domdev -v /local/notesdata:/local/notesdata --hostname domdev.local --cap-add=SYS_PTRACE -e TZ=Europe/Berlin -p 1352:1352 -p 80:80 -p 443:443 domino-container:12.0.2FP6
I Feel Pretty - Native Lotusscript Pretty Print for NotesJSONNavigator
By Robert Baehr | 4/15/25, 3:31 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Having been working with the Lotusscript JSON classes and dealing with the raw output of the .stringify function, I decided to write a native "pretty print" function in Lotusscript. As an example, I generated two Lotusscript NotesJSONNavigators, as shown below. Note: This is not the best "code", but merely an example.
Troubleshooting IBM WebSphere LDAP Security
By Christoph Stoettner | 4/14/25, 4:54 AM | Infrastructure - Connections | Added by Roberto Boccadoro
Most of the LDAP connections from IBM WebSphere Application Server are configured with TLS. So you need to have the root certificate in the WebSphere truststore to connect.
In the past I had several issues where MS Active Directory certificates for LDAPS are only valid for one year. They were automatically recreated on the AD side, and the certificate is not using the domain root certificate but a self-signed one.
Migrate MongoDB 5 to 7 for HCL Connections 8 CR9 update
By Christoph Stoettner | 4/14/25, 4:53 AM | Infrastructure - Connections | Added by Roberto Boccadoro
For HCL Connections 8 CR9, it is mandatory to update MongoDB to version 7. During my first migrations, I encountered some issues and would like to provide workarounds and additional troubleshooting tips to help others with this process.
Better Navigation in Connections Scripts
By Christoph Stoettner | 4/14/25, 4:47 AM | Infrastructure - Connections | Added by Roberto Boccadoro
I haven’t touched the Connections scripts
for a long time, but I recently made some minor updates to fix compatibility issues with newer versions and added small scripts to speed up configuration. I also got the documentation script running from the menu.
Avoiding Inline Styles in XPages
By Paul Withers | 4/8/25, 3:22 AM | Development - Notes / Domino | Added by Roberto Boccadoro
Recently there have been discussions about inline CSS in XPages. The absence of anyone mentioning a feature in XPages prompted me to eventually ask about a piece of functionality relevant to this.
The trigger for the discussions was a change in how XPages handles inline CSS, because CSP (Content Security Policy) blocks inline styles as well as inline JavaScript. This can be circumvented by setting unsafe-inline, but this is not recommended.
I'm not interested in the rights or wrongs of inline content (and there are plenty of opinions on the internet about it) or how the problem was addressed in XPages. I also know there are XPages applications I built which still have inline styles, because XPages allowed me to do it. But there's a way to avoid it and solve it, at just a click of a button. And it appears many XPages developers are not aware of it, even though I was teaching about it in XPages courses over a decade ago.
Adding trusted roots to Domino containers
By Daniel Nashed | 4/7/25, 4:03 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Linux and Domino comes with a good set of public trusted certs.
But in corporate environment you often have to add your own trusted root for a corporate CA.
This starts with Linux which needs certificates to validate repository servers and other resources.
Domino trusted roots
But also within Domino there are are trust stores which need might need central management.
Domino Directory Trusted roots, certstore.nsf Trusted roots can be easily centrally updated.
But the following two trust stores are more difficult to manage:
/local/notesdata/cacert.pem used for HTTP Requests in Lotus Script and other backend code using curl
Domino JVM trust store used by Java
What you should know about Domino "res" files on Linux and AIX
By Daniel Nashed | 4/3/25, 4:56 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
res files actually come from Windows and are used to translate strings for UI and errors.
Those res files are usually linked to the Windows binary.
Linux and AIX also use "res" files in a res/ directory below the binary directory.
The files are essential for a server. All the core code string resources are in strings.res.
Most Domino native servertasks also use string resources.
Wolfi OS - Secure base layer for containers
By Daniel Nashed | 4/3/25, 4:54 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
This project is pretty cool. It's a container only OS using the kernel from the host.
But it has a couple of really interesting design goals.
https://github.com/wolfi-dev/
They build container base images with the minimum number of packages and "CVE free" as much as possible.
So their own containers for NGINX for example really only have NGINX and nothing around it -- not even a shell unless you install a :latest-dev container.
How to update Domino when running in a container?
By Daniel Nashed | 4/3/25, 4:52 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro
Today I just updated my production environment to Domino 14.0 FP4.
Let me show you how it works if you have everything setup.
HCL Domino and Defensive API Architecture
By Gavin Bollard | 4/2/25, 2:52 AM | Development - Notes / Domino | Added by Roberto Boccadoro
HCL Domino's REST APIs unlock powerful integration capabilities, enabling data exchange with external systems and enhancing business workflows. However, exposing these APIs directly to the internet introduces significant security risks. To mitigate these risks, this blog post explores the concept of 'Defensive API Architecture.'
Fiddling with Tika in XPages
By Patrick Kwinten | 4/1/25, 2:37 AM | Development - Notes / Domino | Added by Roberto Boccadoro
We have the annoying behaviour in an XPages application that users tend to select encrypted or password protected files from their local machine or some sort of expensive drive.
The application manages the process for new products or services and when a decision has been taken for the proposal all the attached files will be combined in a single PDF file and stored in an archive. This combining process does not work well with password protected or encrypted files so either we should disallow the upload of such files or (when nobody has complained (read) about these files) they should be skipped to be combined in the final decision. But prevent uploading should be better of course (and notify the user about the file issue).
So where do you start? Tika claims to be the content analysis toolkit so no looking further you would think.
Notes Client - sending crazy key combinations to interact with Windows
By Jesper Kiær | 3/31/25, 1:49 AM | Development - Notes / Domino | Added by Roberto Boccadoro
In my earlier blog entry I showed how to refresh the Notes Client UI with F5 sending key presses from code.
Using the same technic you can do some wild stuff, since you can almost simulate any keypress on the keyboard.
In an Action button you could for example:
- create email (CNTL + M)
- log out of Notes (CNTL +F5)
- lock Windows Windows key + L)
- show emoji bar (Windows key +.)
- show previews of open applications (Windows key + tab)
- print screen (ALT + PrnScr)