Anonymous_User Absent Member.

Moving SSPR to new LDAP, forgotten password to UserApp broke

I’m moving my existing SSPR setup to a new secure LDAP server.

Needed to generate a new key from LDAP server and import into the java
keystore on the SSPR server.

Done, configured and working. SSPR now talks to the new Secure LDAP.

SSPR still points to the existing UserApp server for forgotten password.
Since the forgotten password setup is not changing I assumed it would
work. This no longer works; it generates error PWM 5015.

The SSPR LOG has:
Thu Mar 12 10:23:29 EDT 2015, WARN , password.pwm.CrUtility, no available c/r policy for usercn=TManager,ou=TEST,ou=USERS,o=pbc:
Thu Mar 12 10:23:29 EDT 2015, WARN , password.pwm.servlet.TopServlet, unexpected pwm error during page generation: null
Thu Mar 12 10:23:29 EDT 2015, WARN , password.pwm.config.Configuration, invalid challenge set configuration: too few challenges are required

I have verified that the same user can use the forgot password link from
the UserApp service, but it does not work from the SSPR forgot password link
(pointing to UserApp). The UserApp is configured to the new SLDAP server
as well.

Under the SSPR – Novell eDirectory - UserApp Password SOAP Service URL
link it states:
You may need to import the HTTP’s certificate into the java keystore.

Which HTTP cert is needed? (UserApp server?, do I use - keytool export
cacert? Is the SOAP service cert in a different directory than the JAVA
What java keystore do I put it in? (same SSPR keystore that I put the
SLDAP key into?)

Can someone help me out with this process?

gholdefe's Profile:

1 Reply
Anonymous_User Absent Member.

Re: Moving SSPR to new LDAP, forgotten password to UserApp broke


It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your issue been resolved? If not, you might try one of the following options:

- Visit and search the knowledgebase and/or check all
the other support options available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup.

Be sure to read the forum FAQ about what to expect in the way of responses:

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your NetIQ Forums Team
