tags:

views:

468

answers:

2
Q: 

Problems requesting the LDAP: The server is unwilling to process the request.

We have written an authentication provider for a SharePoint web application which can requests multiple LDAP directories.

One of the LDAP server have to be requested via SSL. So we imported the CA certificate which was used to sign the LDAP server's certificate into the certificate store of the SharePoint server.

The following code snippet shows how we authenticate an user. The passed credentials (account, password) belong to the user we want to authenticate. 

 var entry = new DirectoryEntry("LDAP://<ldap-server-address>", "cn=account,ou=sub,o=xyz,c=de", "password", AuthenticationTypes.SecureSocketsLayer);
 var searcher = new DirectorySearcher(entry);                
 var found = searcher.FindOne();

When the code is processed, the call to searcher.FindOne() throws following exception.

System.Runtime.InteropServices.COMException (0x80072035): The server is unwilling to process the request

What circumstance can lead to this error?

UPDATE:

I found some information about the error message. There the problem seems to be the certificate store, as the user has only stored the certificate in the in the user's store and not in the computer's store. Unfortunately we've already stored it there. So could this be still a certificate issue?

UPDATE/SOLUTION:

Actually the problem is solved. It seems as if the root CA certificate was imported correctly but the error messages the LDAP server responded was caused by an expired user account our customer gave us for testing.

A: 

It's possible your certificate is not being served by a fully trusted CA. Have you gone into the trust relationships for the certificate mmc and established the CA server as a trusted root authority on the LDAP server?

EDIT: Also of note, it's possible that the reported name of the server is not matching the certificate being passed. You might want to check the logs of the LDAP server to make sure that the server name is being reported identically to the certificate listing.

Joel Etherton  2010-01-27 18:53:19
We don't have administrative access to the LDAP server, because it's the server of our customer who also gave us the certificate.
Flo  2010-01-27 19:01:07
Actually I just saw something. If you're using LDAP secure you can't use LDAP://, you need to use LDAPS://. Otherwise it'll send plaintext credentials when they should be encrypted.
Joel Etherton  2010-01-27 19:08:02
Ok, I'll give it a try. Another thing I'm not sure about is whether I stored the certificate in the right store. I put it into the computer's store. I think there it should be accessible for the authentication provider. To check check this I tried to access the LDAP via IE and noticed that the LDAP server's certificate got validated. So I think the certificate should be in the right place when the IE could access it for validation purposes.
Flo  2010-01-27 20:27:35
A: 

I believe this error can occur when the user under modification is disabled.

Try enabling the user and retrying the modification.

Ben Aston  2010-05-04 14:24:47

related questions

Upgrading Sharepoint 3.0 to SQL 2005 Backend?
Webpart registration error in event log
Sharepoint COMException 0x81020037
Transactional Design Pattern
Deploying InfoPath forms to different SharePoint servers
Profiling/Optimizing (Sharepoint 2007) Web Parts
Retreiving the PC Name of a Client? (Windows Auth)
What's the best way to report errors from a SharePoint workflow?
How to get out parameters working in SharePoint workflows
Editing User Profile w/ Forms Authentication
WSS/MOSS Book
Creating a development environment for SharePoint.
Sharepoint Wikis
Have you used a wiki in your project or group?
Can I copy files to a Network Place from a script or the command line?
How do you deploy your SharePoint solutions?
SharePoint WSS 3.0 Integration with Mac OSX (either Safari or Firefox)
SharePoint - Connection String dialog box during FeatureActivated event
How can I improve the edit-compile-test loop when developing a SharePoint workflow?
Best ajax library for Sharepoint
Alternative Hostname for an IIS web site for internal access only
How to reference to multiple version assembly
MOSS SSP problem - Failed database logons from deleted SSP
Sharepoint: executing stsadm from a timer job + SHAREPOINT\System rights
Can ASP.NET AJAX partial rendering work inside a SharePoint 2007 application page?