Documentation
    {{docApp.userSession.userId}}
    {{docApp.userSession.userName}}
    {{docApp.userSession.email}}
    Issuer : {{docApp.userSession.issuerInstance}}
    Expires : {{new Date(docApp.userSession.validUntil).toLocaleDateString()}}

{{docApp.title}}

{{docApp.description}}

INDEX

Documentation Library

Search for information on Hornbill Documentation.

{{docApp.searchError}}

{{docApp.searchResultFilteredItems.length}} results for "{{docApp.currentResultsSearchText}}" in {{docApp.searchFilterBySpecificBookTitle}}

Have questions about this site?

What is this site?

  • This website is Hornbill's new product documentation website and is currently under development.
  • It is intended that all existing and future public-facing documentation we produce will be available to search, browse and share.
  • Hornbill's current documentation is available at Hornbill Wiki but over time this content will be migrated to this documentation site.
  • Please feel free to have a look around at any time.

Why has Hornbill created this site?

  • Hornbill's products have moved on considerably since we introduced it almost 10 years ago. At the time, the MediaWiki tool was sufficient, but we have outgrown it.
  • Our customers are more enterprise focused and more self-sufficient than ever before, so for 2023 and beyond we have established a new documentation platform and team to drive our documentation initiative forwards.
  • We are aiming to deprecate the use of Hornbill Wiki for most Hornbill related documentation.
  • We want to enable our growing partner network with product resources and information, documentation beyond our Wiki approach is required.
  • We could definitely do with some help, and may even pay for some! If you have domain knowledge and would like to help, please check out our Hornbill Docs Contributor Guide and contact the Hornbill docs team at docs@hornbill.com.

What will this site be good for?

  • Community contribution will be facilitated, encouraged, and most welcome.
  • High quality documentation, will be kept up to date as rapidly as our products evolve.
  • Real-time content search and discovery.
  • Articles organized into books, books into libraries, creating a more natural and logical structure to our documentation.
  • Legacy API documentation and various other documentation sources will all be consolidated into a single unified documentation system.
  • Documentation available in browser as well as printable/viewable as PDF on demand.
  • Personalized documentation experience, allowing dark/light mode, article subscriptions, social media sharing and other useful features.
  • Almost all publicly available documentation on docs.hornbill.com will be open-source and available to fork on GitHub, allowing customers to derive their own custom documentation around Hornbill products should they wish to.

What is the timeline for this site?

  • We have taken the decision to publish and make available early, there is very little content at this time.
  • As and when we have completed/usable documentation, it will be published here.
  • We have a host of additional features we wish to add over time, so please watch this space.
  • We expect most of our existing documentation should be reviewed/migrated to docs.hornbill.com over the coming months.
  • The documentation project will be ongoing, will continue to expand, evolve and improve day-by-day.

{{docApp.libraryHomeViewProduct.title || docApp.libraryHomeViewProduct.id}}

{{docApp.libraryHomeViewProduct.description}}

  1. {{book.title}}

{{group.title || group.id}}

{{group.description}}

  1. {{book.title}}

{{group.title}}

{{book.title}}
More...

Authentication

The User Import - LDAP utility uses API Keys to authenticate all API calls into Hornbill instances, and KeySafe to securely store LDAP credentials.

API Keys

For the utility to read, create and update records via the Hornbill API, it requires an API Key to be securely stored alongside the client.

User

Every action within Hornbill must be performed in the context of a user account. As well as the chosen user account possessing the User Import role (see below) which facilitates the creation of the user accounts into the Hornbill platform, and the updating of user properties, the user account must possess roles for the applications that you are granting access to via the import utility. The above comment about roles refers to the Hornbill Security Model when associating roles with user accounts. This security measure prevents you from inflating your session rights, or granting a user more rights than you have yourself.

Important

We strongly recommend that you create a Service Account in your Hornbill instance, and API Keys against that account which can then be used to perform the required API calls back into Hornbill.

Please read the API Key documentation and best practice guide before creating API keys against your user records.

The service account that you create must be of type User (not Basic), and be granted the following roles:

  • User Import - Allows the utility to create and update users, and associated records, in the Hornbill Platform.
  • Basic User Role - Allows the utility to assign Core basic user roles.
  • Self Service User - Allows the utility to assign Service Manager roles.
  • Board BPM Access - Allows the utility to assign Board Manager roles.
  • Docmanager Portal - Allows the utility to assign Document Manager roles.

API Key Rules

The User Imports require access to the following Hornbill Platform APIs, and your API Key rules should reflect those, plus additional security hardening in the form of IP rules:

activity:profileImageSet 
admin:keysafeGetKey 
admin:sysOptionGet 
admin:userAddGroup 
admin:userAddRole 
admin:userCreate 
admin:userDeleteGroup 
admin:userProfileSet 
admin:userSetAccountStatus 
admin:userUpdate 
data:entityAddRecord 
data:entityGetRecord 
data:entityUpdateRecord 
data:queryExec 
session:getSystemLicenseInfo

KeySafe

For the import utility to access LDAP data, authentication credentials are required to be stored in KeySafe.

Note

We recommend that you read the KeySafe documentation before storing credentials in KeySafe.

Key Creation

  • In Hornbill, navigate to Configuration > Platform Configuration > KeySafe;
  • Click + Create New Key
  • Choose a key type of LDAP Authentication
  • Give the KeySafe key a Title
  • Optionally add a Description
  • Populate the following fields on the form:
    • Host - The IP address or hostname of your LDAP host.
    • Port - The port to access your LDAP through. 389 (LDAP) and 636 (LDAPS) are commonly used values.
    • Username - The username of the account that should be used to authenticate the connection to your LDAP.
    • Password - The password for the above account.
  • Click Create Key

Once the key has been created, you can then lock access to it down to the API Key created against your service account. See the KeySafe documentation for more information regarding this.

Key Example

KeySafe LDAP Example
  • Version {{docApp.book.version}}
  • Node {{docApp.node}} / {{docApp.build}}
In This Document