SharePoint is typically set to impersonate the logged on user, so you would normally be binding to AD as the browser user, not the network service (machine) account. It is possible that they disable impersonation, but that is unlikely.

If you are impersonating and are using IWA auth, you need to get Kerberos delegation working. This may be hard in SharePoint as some versions actually disable Kerberos auth in the metabase during install.

If the web part actually uses the trusted subsystem design and relies on the identity of the worker process to make the changes, then you would need to either change the app pool identity to a privileged user or allow the machine account to have those privileges. However, this scenario seems unlikely to me. You need to find out for sure before you can find out how to proceed, though.

Joe K.

----- Original Message -----
From: Ramon Linan
To: ActiveDir@mail.activedir.org
Sent: Wednesday, October 18, 2006 10:27 AM
Subject: [ActiveDir] orgfinder


Hi,

I was working on a webpart for SharePoint to allow users to keep their info in AD up to date; I just found out that there is already a free one.

www.orgfinder.com

They have an asp application and a webpart.

The application is working fine but the webpart is not working.
The app pool identity for the asp application is a user that I have created; as I said, this is working great. But SharePoint is using a different app pool with identity network services and of course does not have rights to update AD info.

What would be the best way to fix this? Changing the identity in the SharePoint app pool requires several steps because it will break the connection to the content and configuration DB.

Is there another way? Does anyone know if it is possible to use another app pool for just one webpart... I doubt it, but I thought it would be worth asking.


Thanks
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
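
An added example, not part of the original thread and not orgfinder or SharePoint code: a C# diagnostic that can be called from a test page or web part to find out which of the scenarios in the reply above applies (impersonation with or without a delegable token, or the worker process identity). `BindIdentityCheck` is a hypothetical name, and the code assumes .NET Framework running with enough trust to revert the thread token.

```csharp
using System;
using System.Security.Principal;
using System.Text;

// Added diagnostic; BindIdentityCheck is a hypothetical helper name.
public static class BindIdentityCheck
{
    // Reports which Windows identity a bind to AD from this thread would use.
    public static string Describe()
    {
        StringBuilder report = new StringBuilder();

        // GetCurrent(true) returns null unless the thread is impersonating.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent(true))
        {
            if (thread == null)
            {
                report.AppendLine("Impersonation: off (the bind uses the worker process identity)");
            }
            else
            {
                report.AppendLine("Impersonation: on, as " + thread.Name);
                report.AppendLine("Authentication type: " + thread.AuthenticationType);
                report.AppendLine("Token level: " + thread.ImpersonationLevel);

                // With IWA, only a Delegation-level token can authenticate
                // onward from the web server to a domain controller.
                if (thread.ImpersonationLevel != TokenImpersonationLevel.Delegation)
                {
                    report.AppendLine("Token level is not Delegation: with IWA, "
                        + "the bind to AD needs Kerberos delegation");
                }
            }
        }

        // Temporarily revert to the process token (RevertToSelf) to read the
        // app pool identity; disposing the context restores impersonation.
        using (WindowsImpersonationContext reverted = WindowsIdentity.Impersonate(IntPtr.Zero))
        using (WindowsIdentity process = WindowsIdentity.GetCurrent())
        {
            report.AppendLine("App pool identity: " + process.Name);
        }

        return report.ToString();
    }
}
```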