EXTMGR_ADDIN_DIRECTORY – additional trusted directory for Extension Manager add-ins

🛠️

Parameter: EXTMGR_ADDIN_DIRECTORY

Short description: Additional trusted search directory for Extension Manager add-ins (security hardening from 14.5).

Profile

Parameter	`EXTMGR_ADDIN_DIRECTORY`
Category	Security / TLS
Component	Server
Available since	14.5
Supported versions	14.5, 14.5.1
GUI equivalent	notes.ini only (no GUI)
Possible values	Absolute directory path, e.g. `C:\HCL\Domino\extmgr` or `/opt/hcl/domino/extmgr`

Description

From Domino 14.5 onwards, for security reasons the Extension Manager (EM) only loads add-ins that reside in the Domino binary directory or the Windows system directories – freely placed DLLs/SOs are ignored. EXTMGR_ADDIN_DIRECTORY allows an additional, explicitly trusted directory to be added in which such add-ins (e.g. third-party tools, custom hooks) may reside.

This makes it possible to keep using legitimate extensions without globally relaxing the EXTMGR_ADDINS hardening rule.

Example configuration


EXTMGR_ADDINS=mySecurityAddin
EXTMGR_ADDIN_DIRECTORY=C:\HCL\Domino\extmgr

Notes & pitfalls

The directory must be readable/executable by the Domino service account and should be protected against write access by third parties.

Only one path per entry – multiple paths are not supported.

Only takes effect once the corresponding add-in names are activated via EXTMGR_ADDINS.

Introduced as part of the security hardening in 14.5 – older Domino versions ignore the entry.

The change only takes effect after a server restart.