Im moving my existing SSPR setup to a new secure LDAP server.

Needed to generate a new key from LDAP server and import into the java
keystore on the SSPR server.

Done, Configured and working, SSPR now talks to the new Secure LDAP

SSPR still points to the existing UserApp server for forgotten password.
Since the forgotten password setup is not changing I assumed it would
work. This no longer works, it generates error PWM 5015.

The SSPR LOG has:
Thu Mar 12 10:23:29 EDT 2015, WARN , password.pwm.CrUtility, no
available c/r policy for usercn=TManager,ou=TEST,ou=USERS,o=pbc:
Thu Mar 12 10:23:29 EDT 2015, WARN , password.pwm.servlet.TopServlet,
unexpected pwm error during page generation: null
Thu Mar 12 10:23:29 EDT 2015, WARN , password.pwm.config.Configuration,
invalid challenge set configuration: too few challenges are required

I have verified that the same user can use the forgot password link from
the UserApp service but does not work from the SSPR forgot password link
(pointing to UserApp). The UserApp is configured to the new SLDAP server
as well.

Under the SSPR Novell eDirectory - UserApp Password SOAP Service URL
link it states:
You may need to import the HTTPs certificate into the java keystore.

Which HTTP cert is needed? (UserApp server? , do I use - keytool export
cacert? Is the SOAP service cert in a different directory then the JAVA
What java keystore do I put it in? (same SSPR keystore that I put the
SLDAP key into?)

Can someone help me out with this process.

gholdefe's Profile:
View this thread: