From the security standpoint you should not allow your site owners to load any binary extensions that you have not approved and uploaded to the global extension directory. If you want to offer your customers ioncube and zend decoders, then you should put them into the global extension directory.
Regarding the dl() function, as far as I know you have to specify the complete path to the extension if it is not in the global extension directory. E.g. if you allow dl() function calls for your customers and the extension is in website root directory of web3, then try something like dl('/var/www/clients/client1/web3/abcd.so')
You should see the php documentation for details, it is described there where dl searches for extensions: