Quick Tip: Make IAM play nice with Directory Assistance  

By Heiko Voigt | 1/28/22 4:15 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

We came across the need to have users in a 2nd Domino Directory for a Single Page Application. These are external users, who register themselves and authenticate against IAM to access the application on the web.

Building a Full Domino Image for JUnit Tests  

By Jesse Gallagher | 1/23/22 3:06 PM | Development - Notes / Domino | Added by Oliver Busse

Last year, I wrote about how I built images to use Testcontainers to run tests against a Liberty app that uses a Domino runtime. In that situation, I used the Domino Docker image from Flexnet but then pulled out the program files and stock data, mixed with pre-configured server support files from the repository.

Disable the first run off Lotusscript agents after save  

By Fredrik Norling | 1/21/22 8:22 AM | Development - Notes / Domino | Added by Oliver Busse

If you ever created some Notes/Domino agents and seen that everytime you save them a first run is scheduled outside or ordinary schedule. This can easily be avoided. Just add this code to the top of your agent.

Seamless SMTP failover(and round robin) in outbound Domino connections   

By Cormac McCarthy | 1/20/22 11:25 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

We still get comments on a blog post I did 9 years ago on SMTP Debug for Domino SMTP Routing. (I’ve updated non-working links today). This got me thinking on what other SMTP config would be useful to people. Here I’m going to cover an often underused setting relating to Domino SMTP Routing.

Is your Notes 11 client crashing repeatedly? Look at your Chrome settings  

By Kim Greene | 1/20/22 11:23 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Comment» One of our clients reported daily Notes Client crashes for some of their users after upgrading their Notes 9.x clients to 11.0.1 FP3 (and later FP4). We narrowed it down to a certain set of steps that would INTERMITTENTLY result in a crash.

PSA: Reverse-Proxy Regression in Domino 12.0.1  

By Jesse Gallagher | 1/20/22 1:23 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

For a good while now, I've been making use of the HTTPEnableConnectorHeaders notes.ini property in Domino to allow my reverse proxies to have Domino "see" the real remote system. Though this feature is coarse-grained and is best paired with some tempering, it's served me well when used on appropriately-configured servers. Unfortunately, HCL saw fit to remove this feature in 12.0.1, declaring it a security vulnerability. I don't think this made it into the release notes as such, but did eventually get patched into the "Components no longer included in this release" page for V12. Obviously, the true problem here is that it makes my blog entries retroactively less useful. However, a secondary issue is that it will damage your applications in two main ways if you were making use of these headers:

Patch Orient Me Container  

By Christoph Stoettner | 1/17/22 3:08 AM | Infrastructure - Connections | Added by Roberto Boccadoro

I wrote about font loading from external CDN in the post Hiding The Create Community Button 2nd last year and hoped this is finally fixed for all Connections applications. A good summary on the reasons to not allow external font loading is Blocking Web Fonts for Speed and Privacy So I checked with a Connections 7 deployment with the latest CFix (CFix.70.2112) deployed, if this is still an issue with Connections. In former Connections' versions we found external fonts loaded in Orient Me (/social), Communities Catalog (/communities) and the Admin panel (/cnxadmin/).

DQL, QueryResultsProcessor, and JNoSQL  

By Jesse Gallagher | 1/14/22 11:23 AM | Development - Notes / Domino | Added by Roberto Boccadoro

As I've been adding new technologies to and talking about the XPages Jakarta EE project, I've kind of danced around a major missing layer: data access.

Installing Tivoli/Security Directory Integrator on RHEL 8ì  

By Martijn de Jong | 1/14/22 11:21 AM | Infrastructure - Connections | Added by Roberto Boccadoro

On a new SDI 7.2 installation (with Java 8 and the latest Connections TDISOL directory for Java 8), I ran into a weird error: CTGDKG023E Error while starting main class.java.lang.reflect.InvocationTargetException .. Caused by: java.lang.UnsatisfiedLinkError: i4clntjni (Not found in java.library.path) Luckily, Google could help me on this one. This technote shows that if there are missing libraries, SDI doesn’t properly install and you will have to uninstall SDI, install the missing libraries, and reinstall SDI.

Intercepting Class Loading in OSGi, A Travelogue  

By Jesse Gallagher | 1/11/22 1:55 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Yesterday, I had a problem. I was trying to get MicroProfile Config working inside an NSF to add to the XPages Jakarta EE project, and I was severely blocked by odd behavior. To describe that, I'll lightly cover what MP Config is. It's a CDI extension that allows you to annotate properties on a bean to indicate that they're intended to come from an available configuration source - often a .properties file in the project, but it's a pluggable system.

Domino Actually Does Need To Be Restarted Regularly  

By Ted Hardenburgh | 1/11/22 1:54 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

For those of us that have run Domino for a long time, one of our bragging points has been that Domino can run for a long time without needing a restart. This was especially true if we were running on System i/iSeries/AS400. Windows servers seemed less likely to have long times between restarts. Well, apparently this isn’t a great idea according to a new Defect Article from HCL Support. If Domino is running for about 248 days, the creation date of Domino documents can be incorrect if a copy-style compact or server restart isn’t performed.

Important Domino 12.0.1 IF1 for customers using DAOS  

By Daniel Nashed | 1/10/22 2:50 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

This issue has been already in 12.0, but was discovered to late to be included into 12.0.1. HCL worked hard to get IF1 out ASAP. There was a hotfix already available end of the year. But IF1 take a bit longer than distributing a hofix -- there is more testing is involved.

Migrating a Large XPages App to Jakarta EE 9  

By Jesse Gallagher | 1/7/22 1:59 AM | Development - Notes / Domino | Added by Oliver Busse

Last month, I moved my XPages Jakarta EE project to JEE 9, which involved the large hurdle of switching package names from javax.* to jakarta.*. That was all well and good for the project and opened the door to further improvements, but it's one thing to do it in a support library and another to move an actual large project over.

Introducing Domino One-Touch JSON templating - Without manual JSON editing :-)  

By Daniel Nashed | 12/30/21 6:09 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Domino One-Touch setup with JSON format is really great stuff -- I love it since day one. But it might be a bit difficult to edit for many admins -- Even if you use an prepared template, you have to edit the JSON file in an editor to specify server name, etc. Using variables ala Helm or Ansible makes a lot of sense and if you leverage existing JSON config templates, you might get away with not editing JSON at all. Both using the {{ Variable }} syntax. But I am more used to the shell variable syntax: ${Variable}. So I implemented both.

Domino 12.0.1 One-Touch setup supports MicroCA and import existing certs  

By Daniel Nashed | 12/30/21 2:28 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Did you notice already that the One-Touch setup supports importing TLS Credentials for a first server setup? You can pass a *.kyr file, a PKCS#12 (*.p12, *.pfx) or *.pem file. The files can even have a password and you can mark the resulting TLS Credentials file for export with a new password! So the full import functionality added in Domino 12.0.1 CertMgr UI is exposed in One-Touch setup for ENV variable and JSON formatted setup!

Introducing a Lab CA for testing  

By Daniel Nashed | 12/30/21 2:27 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Domino 12.0.1 CertMgr provides a MicroCA for testing. You can create any type of TLS web server certificate for any name. The only restriction is that the private key cannot be exported and is recreated every time you renew the certificate. It's designed as a very easy to use, simple small CA. But this is already pretty cool for internal test environments. You can even deploy the trusted root into your browsers.

Why does certificate management need that complicated?  

By Daniel Nashed | 12/29/21 2:41 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Certificate management is not rocket science and it looks like we just have too complicated tooling. Why does certificate information need to be displayed that cryptic? And why does certificate conversion need to be that complicated with cryptic parameters? OpenSSL command line is the standard Swiss army knife. But why is it that complex to use? Probably because it has been written over the years and it is built by geeks for geeks .. Domino 12 comes with CertMgr and cerstore.nsf and is very easy to use. With 12.0.1 the export/import functionality can be used to convert certificates. And we are using it for customers already to convert certificates for external applications.