We have written an authentication provider for a SharePoint web application which can requests multiple LDAP directories.

One of the LDAP server have to be requested via SSL. So we imported the CA certificate which was used to sign the LDAP server's certificate into the certificate store of the SharePoint server.

The following code snippet shows how we authenticate an user. The passed credentials (account, password) belong to the user we want to authenticate.

 var entry = new DirectoryEntry("LDAP://<ldap-server-address>", "cn=account,ou=sub,o=xyz,c=de", "password", AuthenticationTypes.SecureSocketsLayer);
 var searcher = new DirectorySearcher(entry);                
 var found = searcher.FindOne();

When the code is processed, the call to searcher.FindOne() throws following exception.

System.Runtime.InteropServices.COMException (0x80072035): The server is unwilling to process the request

What circumstance can lead to this error?

UPDATE:

I found some information about the error message. There the problem seems to be the certificate store, as the user has only stored the certificate in the in the user's store and not in the computer's store. Unfortunately we've already stored it there. So could this be still a certificate issue?

UPDATE/SOLUTION:

Actually the problem is solved. It seems as if the root CA certificate was imported correctly but the error messages the LDAP server responded was caused by an expired user account our customer gave us for testing.