Good day,

while creating express middleware components using the AppDevPack and domino-db I came across the need to sort a resulting JSON object by one of its attributes:

In the following sample, I wanted to sort the object by the "position" attribute in my node/express app.

var design_docs = {[


: "erstellt",
: "$20",
: 1,
: false,
: false,
: true


: "letzte Änderung",
: "$22",
: 2,
: false,
: false,
: true


: "Maske",
: "Form",
: 3,
: false,
: false,
: true


: "Akentz.",
: "$26",
: 4,
: false,
: false,
: true


: "Typ",
: "$27",
: 5,
: false,
: false,
: false


: "Bearbeiter",
: "$15",
: 6,
: false,
: false,
: true


: "Betreff",
: "subject",
: 7,
: false,
: false,
: false


After some googleing around, I came across a very nice option to do that using loadsh - so check this out in case you need it at some point:

To install using npm use:

npm i --save lodash

First,. let's import lodash:

_ = require('lodash');

Next, wie will pick the "orderBy" function for sorting:

orderBy = require('lodash/orderBy');

Now, let's sort our object in ascending order:

sorted_asc = orderBy(design_docs,'position');

To change that to descending order we simply add:

sorted_desc = orderBy(design_docs,'position').reverse();

Done ! This works on all data types I tested (date-time, numbers, strings, booleans).

Happy coding !


Heiko Voigt   |   5 November 2019 12:32:37   |    domino-db  NERD  Node.js  JavaScript    |   Comments [0]

Image:Live broadcast from Tokyo, Dec. 4: HCLs global product launch for N/D V11, Sametime 11 and Connections 6.5
Image:Live broadcast from Tokyo, Dec. 4: HCLs global product launch for N/D V11, Sametime 11 and Connections 6.5

Join HCL as they broadcast live from Tokyo on December 4, at 9 a.m. ET, when they announce HCL’s first major releases for Domino V11, Notes V11, Sametime V11, and Connections 6.5. Tune in on this historic day for live demos, news, roadmaps, technical sessions, and strategy roadmaps — and to learn about the future from executives, thought leaders, and technical wizards. Some of the highlighted presentations include:

  • Live from Tokyo Keynote: A Major HCL Milestone. These new releases represent our commitment to relentlessly modernize and innovate these products. Come hear how.  
  • Myth Busters. “Domino is old. It's uncool. It isn't valuable to my business anymore. Connections is built for engineers by engineers.” We’ve heard them all. Let us show you why they're wrong.  
    • The CIO’s Imperatives for 2020: How are the most strategic and successful CIOs preparing for the next decade? Putting customers first and making IT the department of “yes,” for starters. Come learn what else is essential to leadership.  
  • Domino V11: Why Modernizing Beats Migrating. Get ready to rethink what you know about Domino, and let us prove why V11 is the smartest choice for your current and future app-dev decisions.  
  • We Hear You:  HCL Connections 6.5 = More Value from Your Investment. During the #LetsConnect customer jams, the Connections Ideas Lab and countless other points of input, we have been listening to you. With 6.5, we’re delivering even more value for Connections and laying the foundation for what’s to come.   Tune in live, December 4, 2019, 9 a.m. ET.


  • Heiko Voigt   |   24 October 2019 11:21:04   |    HCL  Domino  Notes  Sametime  Connections    |   Comments [0]

    Heiko Voigt   |   2 October 2019 15:19:12   |     |   Comments [0]

    Image:I will be speaking at CollabSphere 2019 about Domino AppDev Pack, Node.JS, React and OAuth !

    Look what made it's way to my inbox recently, after Hurricane Dorian finally made its way out of Nova Scotia:

    CollabSphere 2019


    Congratulations, your session titled: "What is Cool with the Domino AppDev
    Pack, OAuth, Proton and Node.js, and Why Would I use it in my Domino Apps
    Anyway?" has been accepted for MWLUG/CollabSphere 2019.

    Thanks to Richard Moy and the Collabsphere Team for accepting this session that I will be happily co-presenting with Graham Acres from Brytek Systems in Vancouver.
    This will NOT be the same-old stuff from Engage and DNUG but a renewed and revised version with lot's of new stuff included so stay tuned !


    Heiko Voigt   |   10 September 2019 14:05:09   |     |   Comments [0]

    Heiko Voigt   |   17 May 2019 15:12:45   |    NERD  React  Node.js  domino-db  express    |   Comments [1]

    16 May 2019 Thursday

    Impressions from Engage 2019

    Wow, these were three great days !

    This has been my 2nd Engage Conference that i attended, the first one as a speaker. Theo Heselmans really outdid himself again this year by finding a cool venue (Autoworld Brussels) and topping it off with perfect logistics like always.

    The first day on monday (pre-conference) was used to help set up the venue and to start to dive into the community be meeting my fellow yellow peeps being other business partners and IBM Champions. The IBM Champions happy hour at the Sofitel was highly appreciated (thanks Libby !) and the first evening finished off with talks amongst friends having italian pizza and a glass of wine at the sofitel bar.

    Image:Impressions from Engage 2019

    Day 1 of the conference started with a great keynote session with several speakers. The most impressive one for me was delivered by Richard Jefts (HCL), announcing and speaking about Digital Solutions, the new organisational home for the ICS portfolio inside HCL.

    Image:Impressions from Engage 2019

    The Maple lounge attended Engage as well one more year and you will see interviews with Tim Clark (HCL) about the HCL Masters program as well as an interview with Francois Nasser about the HCL Partner porgrams and sales processes inside HCL shortly on the C3UG youtube channel.

    Image:Impressions from Engage 2019

    I attended roundtables and sessions for the rest of the day, I especially liked Knut Herrman's session about building web components for Domino and the future directions for the AppDevPack and DQL by Dan Dumont.

    Theo invited us to a VIP dinner in the evening in Brussels - food at talks where fantastic.

    Wednesday, Day 2 started mostly in preparing my own session, but I was able to attend the Notes 11 preview with Ram Krishnamurthy - we saw a first glimpse of Notes 11 including PDF Export and Meetings extending over midnight !

    My session later in the morning with Graham Acres abaout the Domino AppDev Pack, React and Node.JS was well received - the room was packed and the Demo worked as planned:

    Image:Impressions from Engage 2019
    Thanks Serdar Bergamez and Paul Harrison for taking pictures and shoot the video !

    Image:Impressions from Engage 2019

    Image:Impressions from Engage 2019
    The audience was able to use the demo app live and they did ! The slides and the code will be available from the C3UG Github Repo shortly.

    In the afternoon I visited the Domino on Docker Bootcamp with Thomas Hampel and Daniel Nashed and the Domino and SSO session by Danielle Vistalli - two great sessions again !

    Finally, Theo closed the doors with a farewell drink and the IBM Champions picture of the year and finished it off with a speakers dinner at the Atomium in Brussels - as my flight went out early, I wasn't able to attend that but lucky enough, the day later, brussles aiport was on strike and I would have probably missed my flights back home

    Image:Impressions from Engage 2019

    Thanks again Theo + Hilde for this great event - I am looking forward to next year already. For those of you who were not able to see our session - feel free to visit us at DNUG on June 4th and 5th in Essen, Germany !



    Heiko Voigt   |   16 May 2019 15:36:18   |    C3UG  NOtes  Domino  Connections  EngageUG    |   Comments [0]

    The Domino AppDevPack 1.0.1 is available for download from Passport Advantage or the Software Access Catalog. Part-Number is: CC0NGEN

    It now supports Linux and Windows servers and comes with a pilot install option for IAM to get you started quick & easy to test-run the OAUTH2 components.  Here's the 'What's new' Section from the Documentation:

    What's New in Release 1.0.1
    Release 1.0.1 includes the following new features:
    • IAM service is officially released.
  • Microsoft Windows support. Both Proton and IAM can now be deployed to Windows.
  • Compute with form support for create, read and update operations. See Compute with form for details.
  • The ability to read and write $REF items. For more information, see NOTEREF_LIST.
  • A test script for verifying your connection to Proton. For more information, see Proton Test Script.
  • Node.js 10.x support. This version of domino-db was tested with Node.js 10.x. Previous versions of Node.js are deprecated.
  • Heiko Voigt   |   26 March 2019 16:53:24   |    #dominoforever  #domino-db    |   Comments [0]

    26 March 2019 Tuesday

    C3UG: See us at Engage !

    Hurray !

    thanks Theo for picking up our session about:
    What is Cool with Domino V10, Proton and Node.js, and why would I use it in my Domino Apps Anyway?

    In this development oriented session, we will present an overview of the possibilities of extending your Domino dev environment to use Node.js and modern front end frameworks like React. What is it that makes these new tools so appealing? What do they give me that I didn’t have before? We will show you how to get started and how to make it all work with your Notes client apps. Using a simple questionnaire demo app we will show you how you can teach that legacy Domino dinosaur some cool new tricks. You will leave with the demo app and the source code to be productive in Domino V10 right away.

    Co-IBM Champion and Co-C3UG staff member Graham Acres from Brytek in Vancouver and myself from Halifax will join forces in a East-Coast meets West-Coast presentation with a lot of sample and demo code to give away.

    Come join us on Wednesday, May 15 | 11:30 - 12:30 | D. Minerva !

    Image:C3UG: See us at Engage !
    Thanks again to the team at #engageug - we are happy to be part of the show !
    Heiko Voigt   |   26 March 2019 09:39:18   |    #c3ug  #dominoforever  domino-db  rect. #engageug    |   Comments [0]

    This is the 2nd post in my "IAM dabbeling" sequence - as a preamble let me say upfront that I am not an administrator and no expert in the TLS/SSL arena. I am a (web) developer who wants to use OUATH2 in my Node.JS applications with Domino. That said, some experts out there might be finding easier/better ways to achieve this goal - I'm happy to learn. What I do here is to write down the path that worked for me - yours might be different/easier/quicker - feel free to comment.

    With that, let's get started with the basics of setting up IAM which is: Setting up the proton task on your domino server and securing it using SSL encryption and Authorization.

    First thing up - as we install the Domino appdev pack, we have to run the proton server add-in task on a linux Domino server. The current version (february 2019) is only available on Linux. This is the proton protocol task for Domino only - domino-db as the Node.js package can be run on any platform - in my case all the test node applications (proton clients) are running on MacOS.

    I will not go into any details regarding the setup of a Domino server on Linux - there are other guides out there that shold help you along like here:$File/Domino9onCentos6.pdf

    Also, please do yourself a favour and use the brilliant start script of lifetime champion Daniel Nashed, you can request it here:

    I am not using Docker containers for now, I decided that a VM running CentOS 7.5 would be sufficient for me. In case you want to use Docker, keep an eye on Daniel Nasheds Blog as well as he is heavily envolved in making these happen. Also check out the following repo from Thomas Hampel as starting point for Docker and Domino:

    So let's assume you have a VM with CentOS 7.x and Domino 10.0.1 installed. You have a user for Domino that ideally is part of the SUDOs group.

    My Domino Server paths are the following, please take note of yours accordingly:

    Server BIN: /opt/ibm/domino/bin

    Server-Files: /opt/ibm/domino/notes/latest/linux

    Data-Directory: /local/proton/domiodata (yeah, I know, why use standards?!)

    Make sure that your user for domino as r/w access rights in these directories and files.

    I downloaded the Appdev pack to my /install directory.

    Make sure that OpenSSL is working on your VM (Command line: openssl version should be giving something like: OpenSSL 1.0.2k-fips  26 Jan 2017)

    Step 1: Take note of your hostnames.

    My Domino server cerrtifier is: CN=Proton1/O= C3UG/C= CA

    My Domino host name is: which is an alias for:

    My VM's hostname: which is coming from my DHCP server (to find out your current hostname use:

    hostnamectl status

    on the command line. using hostnamectl set-hostname

    allows you to set/change your hostname if needed.

    I also added the basic alias proton1 to my hosts file in the CentOS VM to as an additional alias as well as my Domino alias

    Step 2: Firewall Considerations

    CentOS 7.x runs systemd firewall per default. using Webmin or other visual tools you can open up the ports needed by the various tools or do as I did and disable the VMs firewall as it is always running behind the Macs firewall plus the routers firewall. DO NOT DO THIS IN PRODUCTION - this is for dev/test purposes only !!!

    To disable system3 use these commands as root:

    systemctl disbale firewalld


    systemctl stop firewalld

    (to reverse that:
    systemctl enable firewalld


    systemctl start firewalld

    to check the state use: systemctl status firewalld)

    Step 3: Install Node.js

    Now, to run the IAM server on top of the Domino server, we need to install Nodes.js. Currently (February 2019) IAM supports Nodejs V8.12.0 which can be found here:

    The link including the package name is:

    Then, we have to install node manually as we can not use the latest stable release. I found this pretty helpful:

    Install a Package from the Node Site

    One option for installing Node.js on your server is to simply get the pre-built packages from the Node.js website and install them.

    You can find the Linux binary packages
    here. Since CentOS 7 only comes in the 64-bit architecture, right click on the link under "Linux Binaries (.tar.gz)" labeled "64-bit". Select "Copy link address" or whatever similar option your browser provides.
    On your server, change to your home directory and use the
    wget utility to download the files. Paste the URL you just copied as the argument for the command:
    cd ~

    Note: Your version number in the URL is likely to be different than the one above. Use the address you copied from the Node.js site rather than the specific URL provided in this guide.

    Next, we will extract the binary package into our system's local package hierarchy with the
    tar command. The archive is packaged within a versioned directory, which we can get rid of by passing the --strip-components 1 option. We will specify the target directory of our command with the -C command:
    sudo tar --strip-components 1 -xzvf node-v* -C /usr/local

    -> Remark by Lothar Müller (edcom): in his version of CentOS (7.6) the syntax has changed so please try in case this is not working for you:
    sudo tar --strip-components=1 -xzvf node-v* -C /usr/local

    This will install all of the components within the
    /usr/local branch of your system.
    You can verify that the installation was successful by asking Node for its version number:

    node --version


    The installation was successful and you can now begin using Node.js on your CentOS 7 server.

    This is the link where I shamlessly copied the above paragraph:

    Step 4: Setup PROTON on the Domino Server

    Stop your domino server.

    open a command line and switch to


    make sure is present (ls -l

    expand the proton-addin archive (in my case from /install)

    sudo tar -xvf /install/proton-addin-.tgz
    ("TAB" is your friend here !)

    fixup file permissons and ownership

    sudo sh -v ./

    start the Domino server

    at the console you should see

    PROTON> Build -xxxxxxxxxxxxxxxxx
    PROTON> Listening on,
    port 38770, INSECURE
    PROTON> Note: Requested
    port was 0, Actual listen port is 38770
    Server initialized
    Server only allows Anonymous access.

    if not, issue a "load proton" command and check outputs

    if necessary, add the PROTON task to the SERVERTASKS= line in the notes.ini in /local/proton/dominodata/notes.ini in my case.

    The proton task should now be up and running

    Step 5: Securing PROTON with SSL and Client Authentication

    Step 5.1: Downloading and installing the KYR-Tool

    If you ever dealt with SSL and Domino you might be familiar with the KYR-Tool. If not, this is a special tool to package SSL Certificates in a keyring file in a way that Domino can consume. This tool is not be default part of the domino server install and has to be downloaded seperately. You can find the download here:

    You will need the Linux 64 bit version and have your IBM-ID at hand :-)

    the resulting file "kyrtool" must be placed in /opt/ibm/domino/bin/tools/

    This position causes some issues with the scripts IBM/HCL provided to create our certificates in the next section.

    Step 5.2: Creating the certificates that are needed.

    In this tutorial, we will focus on self-signed SSL certificates and the scripts that are provided therefor by IBM/HCL in the appdev pack.

    First, we have to create the base Certification Authority (CA) and the CRT and KEY files for the proton server and the technical user.

    This is done by the script:

    Of course, we have to make some changes to this script before running it - it has to be tailored to your domino server.

    using nano, edit the script. Here are my changes (athe top and the  the bottom section of the file)


    if [[ -f ca.key || -f ca.crt ]]


          echo "CA already exists."


          # Generate CA private key

      (set -x ; openssl genrsa -passout pass:1234 -des3 -out ca.key 4096)

      # Self-Sign CA key

      (set -x ; openssl req -passin pass:1234 -new -x509 -days 365 -key ca.key -out ca.crt -subj "/O= C3UG/CN= C3UG-Test-CA" -sha256)

    These changes are related to my certifiers in Domino. I would think they are not needed but I had issues importing the client certs later for the technical users without them. Might as well be only me but this worked for me.


    create_key server "/O= C3UG/CN=PROTON1" ""

    create_key app1 "/O= C3UG/CN=app1" ""

    create_key app2 "/O= C3UG/CN=app2" ""

    After some talks on slack with Oliver Busse, please make sure that your file access to the Domino paths is correct for the notes user. Sometimes even running the scripts using sudo gives you errors with certain files, e.g. server.key. In this case, check your permissions, delete the old stuff from a previous run and try again. Running as root is a option but you will have to chown your user right after running the scripts for the notes user or you have the next pitfall. Don't worry, running those scripts does not do anything harmfull to your environment so you can run them until the result is ok. patience is of the essence here.

    This will create "server.key, server.crt, app1.crt, app1.key, app2.crt, app2.key, ca.crt and ca.key, etc.)

    Step 5.3: Create the Domino Keyring file

    In a great effort, Oliver Busse fixed the scripts, so download from here:

    and copy them to /opt/ibm/domino/notes/latest/linux/

    using nano, edit the kyrtool function of your file to point to your notesdata folder, in my case /local/proton/notesdata

    I also recommend to rename the keyring and the stashfile names "sample1.kyr" and "sample1.sth" into something more meaningfull like your servername, in my case proton1.kyr and proton1.sth

    running this script, you will end up having 2 new  files in /tmp:

    - proton1.kyr

    - proton1.sth

    copy those files to /opt/local/proton/dominodata

    Step 5.4: Setting up SSL for PROTON

    Stop your domino server.

    Got to /local/proton/dominodata (your data directory that is)

    edit notes.ini using nano.

    Add the following lines to your notes.ini if not yet there:





    restart the domino server, PROTON TASK should start saying secure and anonymous access only.

    Step 5.5: Create technical user and import client certificate

    refer to this section here:

    Client authentication

    Proton authenticates client application requests based on the setting of the PROTON_AUTHENTICATIONnotes.ini setting. Valid options are:

    client_cert: The client certificate is mapped to a Person document in the server's directory. Access to data is calculated based on this identity. Proton must be enabled for TLS/SSL for this option.

    anonymous: All requests are made as the Anonymous user identity. This name does not need to appear in the directory, but it does need to exist in database ACL. This option is available with and with out TLS/SSL being enabled.

    The default behavior when the setting does not exist is to provide Anonymous access to Domino databases.

    Client certificate authentication

    To require that applications provide a valid client certificate set the following notes.ini variable:


    With this setting enabled there are some additional administrative and client requirements.

    1. The client application must supply a valid client certificate when making domino-db requests to the Proton server on Domino. The common name in the client certificate must have a name that can found in the Domino directory. Proton performs a lookup in the Domino directory to find the person document.
    2. The Domino administrator must create a Person document in the Domino directory and perform the Import Internet Certificates Action on the Person document. This is required because the client certificate is verified against the known certificate in the Domino directory.
    Image:IAM dabbeling - Post 2: setting up proton and testing

    Now - a lot of people get stuck here - import the certificates by importing the app1.crt file. No need to create a *.pem or whatever.

    Example using app2, please use app1 for your demo:

    Create a person record for app1. Then after saving it, select the Actions Menu...

    Image:IAM dabbeling - Post 2: setting up proton and testing
    and select "Import Internet Certificates" ! This brings up the following dialog:

    Image:IAM dabbeling - Post 2: setting up proton and testing
    Select "All Files" an pick the app1.crt file !

    Image:IAM dabbeling - Post 2: setting up proton and testing
    use the app1.crt here !

    Image:IAM dabbeling - Post 2: setting up proton and testing
    keep the format as is.

    Image:IAM dabbeling - Post 2: setting up proton and testing
    Click "accept all"

    Image:IAM dabbeling - Post 2: setting up proton and testing
    Save & Close and re-check:

    Image:IAM dabbeling - Post 2: setting up proton and testing
    Done !

    Step 5.6 Add Client Authentication to PROTON

    Stop the domino server

    edit notes.ini

    add the following line to your Notes.ini:


    restart your server.

    Now, this concludes the SSL/Authentication part !

    Step 6: Test your configuration

    Now, let's start coding a bit.

    The appdev pack comes with samples that let you test the connectivity using SSL and Authentication:

    Use the domino-db Quick start sample. Here's a configuration for your domino server access using SSL and Client Authentication:

    Image:IAM dabbeling - Post 2: setting up proton and testing

    I am using ca.cert, app1.crt and app1.key from above and copied them into the project. Here's the source of my server-config.js code.

    That concludes my first steps for me to set up PROTON on Domino !
    var fs = require('fs');

    var path = require('path');

    const readFile = fileName => {

    try {

    return fs.readFileSync(path.resolve(fileName));

    } catch (error) {


    return undefined;



    const rootCertificate = readFile('./certificates/ca.crt');

    const clientCertificate = readFile('./certificates/app1.crt');

    const clientKey = readFile('./certificates/app1.key');

    const { useServer } = require('@domino/domino-db');

    const serverConfig = {

    hostName: '', // DNS (!) Host name of your server

    // See scripts to create kyr-file and ca for adoption !

    connection: {

    port: '3002', // Proton port on your server

    secure: true,


    credentials: {






    module.exports = serverConfig;

    Heiko Voigt   |   14 February 2019 09:19:00   |    Domino  OAUTH  proton  domino-db  nodejs    |   Comments [2]

    Wow, finally !

    With some great help from HCL (thanks to the HCL Client Advocacy Program and Gordon Hegfield in person ! ) I was able to master the setup of the OAUTH2 provider for Domino !

    So, how is my environment set up ?

    Image:IAM dabbeling ... first setup successfully done. Post 1 of many to come....

    To set up IAM, I followed the documentation (I will go through these setup steps in later posts):
    • Install Domino
  • set up PROTON
  • set up design catalog
  • secure PROTON using SSL and Authentication (fixing scripts)
  • add person record for technical app user and add certificates
  • Testing with the sample code from the documentation
  • Set up ID-Vault
  • Create IAM Storage Database from template, sign, add to design catalog
  • Register technical user for IAM server
  • Create client certficate for IAM user using the PROTON CA
  • IAM Server Configuration and fiddeling with ports
  • set up credential store
  • configure LDAP
  • configure IDP
  • Setting up IAM Client app and examples
  • Banging head against walls on which certificate to use for OAUTH2_DSAPI_KEYRING= Notes.ini parameter
  • Asking HCL for Help
  • Getting Help within 1 hour !!!!
  • Hussa ! Made it !
    So, bare with me if it might take me a while to write down all my alien encounters on that venture - I will start ASAP.

    Here's what the final result looks like, you can't believe how lucky I feel seeing this finally working.

    Image:IAM dabbeling ... first setup successfully done. Post 1 of many to come....



  • Heiko Voigt   |   13 February 2019 13:25:17   |    Domino  Node.js  domino-db  IAM  OAUTH2    |   Comments [0]