Thanks for your follow-up, Bryan,
Glad that you've got the code working. You mentioned that changing IUSR to
ASPNET worked; do you mean switching the ASP.NET application's process
identity from IUSR to ASPNET? If so, I think the problem is that the IUSR
account didn't have permission to access the computer store certificate,
since it's a very restricted account.
Anyway, thanks again for your posting. Please always feel free to post here
when you need assistance.
Regards,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
| From: "Bryan" <Br*****@nospam.nospam>
| Subject: Re: asp.net and ldap
| Date: Thu, 8 Sep 2005 09:08:25 -0700
| Newsgroups: microsoft.public.dotnet.framework.aspnet
|
| Thanks for your response. However I got it to work. I had to change the
| web site from IUSR to ASPNET and everything worked fine after that.
|
|
| "Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
| news:%2****************@TK2MSFTNGXA02.phx.gbl...
| > Hi Bryan,
| >
| > Welcome to ASPNET newsgroup.
| > From your description, you have an ASP.NET web application which uses
| > the System.DirectoryServices classes to make LDAP requests to a remote
| > server. The application's LDAP query code works well on your development
| > machine, however you're encountering a "the server is not operational"
| > error when running on a deployment server, yes?
| >
| > As for the LDAP query, are you accessing the LDAP service through the SSL
| > port? If so, based on my experience, this should be a certificate-related
| > issue. For SSL-protected communication, when establishing the connection,
| > the client side will validate the server certificate in the local
| > certificate store, to find the trusted root CA for that server
| > certificate; if it is not found, establishing the connection will fail.
| > So if your LDAP request is really over the SSL port, you can try checking
| > your deployment server's Computer Certificate Store's Trusted Root CA to
| > see whether you can find the root CA for your LDAP server's SSL server
| > certificate. If you're not quite sure about the root cert, you can check
| > the computer certificate store on your development machine and compare
| > them to see whether you can find any clues.
| >
| > Thanks,
| >
| > Steven Cheng
| > Microsoft Online Support
| >
| > --------------------
| > | From: "Bryan" <Br*****@nospam.nospam>
| > | Subject: asp.net and ldap
| > | Date: Wed, 7 Sep 2005 09:40:42 -0700
| > | Newsgroups: microsoft.public.dotnet.framework.aspnet
| > |
| > | Hello,
| > | I have an ASP.NET app working with directory services on my Windows XP
| > | development machine. However, when I moved the application over to our
| > | production server (Win 2000 Server) it no longer works.
| > |
| > | I use this code to try to connect to LDAP:
| > | System.DirectoryServices.DirectoryEntry entry =
| > |     new System.DirectoryServices.DirectoryEntry("LDAP://corp.mydomain.com", user, pass);
| > |
| > | I tried using my user name and password, and the domain admin user/pass,
| > | but keep on getting "the server is not operational" error. Now I know
| > | this is security related, but after a day and a half of trying to get it
| > | to work and searching Google I cannot find out how to make it work!
| > |
| > | I even tried using ldp.exe on the web server, and it worked fine. I was
| > | able to connect right to the LDAP server, no problem...
| > |
| > | Any and all help is greatly appreciated!!!
| > |
| > | Thanks,
| > |
| > | Bryan
|
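
A diagnostic for the two causes discussed in this thread (process identity and the computer store's Trusted Root CAs), added here as an example and not code posted by either participant. It assumes the LDAP server accepts SSL on the standard port 636 and reuses the host name from the original post; the class and method names are hypothetical.

```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

static class LdapsTrustCheck
{
    // Assumptions: host name as in the thread; 636 is the standard LDAPS port.
    const string Host = "corp.mydomain.com";
    const int Port = 636;

    public static void Run()
    {
        // The account the code really runs as (IUSR vs. ASPNET in the thread).
        Console.WriteLine("Running as: " + WindowsIdentity.GetCurrent().Name);

        // Can this account read the computer store's Trusted Root CAs at all?
        var roots = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        try
        {
            roots.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            Console.WriteLine("LocalMachine\\Root readable: " + roots.Certificates.Count + " certificates");
        }
        catch (Exception ex) { Console.WriteLine("Cannot read LocalMachine\\Root: " + ex.Message); }
        finally { roots.Close(); }
        // TLS handshake against the LDAPS port, validated against the Windows stores.
        try
        {
            using (var tcp = new TcpClient(Host, Port))
            using (var tls = new SslStream(tcp.GetStream(), false, ReportChain))
            {
                tls.AuthenticateAsClient(Host);
                Console.WriteLine("Handshake OK, server certificate is trusted");
            }
        }
        catch (Exception ex) { Console.WriteLine("Handshake failed: " + ex.Message); }
    }

    static bool ReportChain(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null || chain == null) return false;
        Console.WriteLine("Server cert: " + cert.Subject + " issued by " + cert.Issuer);
        foreach (X509ChainStatus s in chain.ChainStatus)   // e.g. UntrustedRoot
            Console.WriteLine("  chain status: " + s.Status);
        return errors == SslPolicyErrors.None;   // report only; never accept a bad chain
    }
    static void Main() { Run(); }
}
```

The output only reflects the failing case when the check runs under the same account as the web application, so call `Run()` from inside the application (writing to its log instead of the console) rather than from an interactive logon.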