I've inherited a piece of software that connects to our Open Directory to provide web authentication. When connected to the OD it works like a charm but we want to transition to using Active Directory as our main authentication provider.
Obviously there are differences in the LDAP schema between the two, and I've spent the last 6 hours googling and reading, but I'm still a bit over my head. When you try to log in to the web interface this is the error that is shown (this is what the web interface looks like: http://cl.ly/Grgo):
Exception Details:
System.DirectoryServices.DirectoryServicesCOMException: An operations error occurred.
[DirectoryServicesCOMException (0x80072020): An operations error occurred.]
LBOX.Membership.LDAPMembershipProvider.ValidateUser(String username, String password) in c:\Program Files\CruiseControl.NET\server\users.lbox.com\WorkingDirectory\LDAPMembershipProvider\LDAPMembershipProvider.cs:59
LBUserService.Login.loginButton_Click(Object sender, EventArgs e) in c:\Program Files\CruiseControl.NET\server\users.lbox.com\WorkingDirectory\LBUserService\Login.aspx.cs:21
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
It obviously has something to do with line 59 of LDAPMembershipProvider.cs and my web.config file.
The web.config file from CruiseControl.net:
<membership defaultProvider="LDAP">
<providers>
<add name="LDAP"
type="LBOX.Membership.LDAPMembershipProvider"
LDAPRoot="LDAP://10.0.1.19:389/cn=administrator,cn=users,dc=office,dc=lbox,dc=com" />
</providers>
</membership>
Line 59 from LDAPMembershipProvider.cs:
// Attempt to log into the LDAP server as this user
DirectoryEntry root2 = new DirectoryEntry(LDAPRoot, distinctName, password, AuthenticationTypes.ServerBind);
DirectorySearcher searcher2 = new DirectorySearcher(root2);
searcher2.SearchScope = SearchScope.Subtree;
searcher2.Filter = String.Format("cn={0}", username);
I'm almost positive it has something to do with how I'm connecting to the AD using LDAP://. I've tried but I'm unable to connect. Any help would be appreciated, even if it's just guesses. Ideas are to allow the AD to authenticate usernames and passwords without being bound.
That LDAPRoot path in your web.config looks a bit fishy to me - it seems to denote an actual user:
LDAPRoot="LDAP://10.0.1.19:389/cn=administrator,cn=users,dc=office,dc=lbox,dc=com"
                               ****************
                               User "administrator"
But shouldn't that be some sort of a container instead? When authenticating a user, I would assume the LDAP membership provider will have to look up the user knocking on your digital doors inside an LDAP container to see if he/she is valid (or not).
You're creating a directory searcher based on that LDAP root - and searching within a user doesn't typically return any results...
I would try to use:
LDAPRoot="LDAP://10.0.1.19:389/cn=users,dc=office,dc=lbox,dc=com"
This would just search inside the cn=users container, and promises a better chance of a result, I hope!
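To make the container idea concrete for both the question's ValidateUser snippet and this answer, here is an added example of a complete validation routine (not the asker's LDAPMembershipProvider and not the answerer's code). It assumes the container root suggested above, LDAP://10.0.1.19:389/cn=users,dc=office,dc=lbox,dc=com, that the web application's process identity is allowed to read that container, and that the name a user types at the login form is the Active Directory logon name stored in sAMAccountName (in AD the cn is normally the display name, so a cn={0} filter tends to find nothing). The class and method names are made up for the example. It also escapes the user-supplied name before putting it into the search filter, which the original String.Format("cn={0}", username) does not do, and it performs the password check the way the provider intends: look the user up with the application's own identity, then bind a second time as that user.

```csharp
using System;
using System.DirectoryServices;
using System.Text;

// Added example; names are hypothetical and not from the asker's project.
public static class ActiveDirectoryAuthenticator
{
    // Escape the characters RFC 4515 reserves inside a search filter so that
    // a typed login name cannot change the structure of the query.
    public static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c);      break;
            }
        }
        return sb.ToString();
    }

    // ldapRoot is a container such as
    // LDAP://10.0.1.19:389/cn=users,dc=office,dc=lbox,dc=com (assumed).
    // Step 1: find the user's DN inside the container using the process identity.
    // Step 2: bind again as that DN with the supplied password; a failed bind
    // throws DirectoryServicesCOMException, which is reported as "invalid".
    public static bool ValidateUser(string ldapRoot, string username, string password)
    {
        // An empty password would be sent as an anonymous/unauthenticated bind,
        // which AD accepts, so it must never be treated as a successful logon.
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
            return false;

        string userDn;
        using (var container = new DirectoryEntry(ldapRoot))
        using (var searcher = new DirectorySearcher(container))
        {
            searcher.SearchScope = SearchScope.Subtree;
            searcher.Filter = string.Format(
                "(&(objectClass=user)(sAMAccountName={0}))",
                EscapeFilterValue(username));
            searcher.PropertiesToLoad.Add("distinguishedName");

            SearchResult result = searcher.FindOne();
            if (result == null)
                return false; // unknown user: same answer as a wrong password

            userDn = (string)result.Properties["distinguishedName"][0];
        }

        try
        {
            // Secure requests Kerberos/NTLM instead of a clear-text simple bind
            // on port 389; ServerBind skips the DNS lookup, as in the original code.
            using (var asUser = new DirectoryEntry(ldapRoot, userDn, password,
                       AuthenticationTypes.Secure | AuthenticationTypes.ServerBind))
            {
                // Accessing the native object forces the bind to actually happen.
                object forceBind = asUser.NativeObject;
                return forceBind != null;
            }
        }
        catch (DirectoryServicesCOMException)
        {
            return false; // logon failure: bad user name or password
        }
    }
}
```

The two-step shape matters for the error in the question: the searcher is rooted at a container, so FindOne can actually locate the user, and only the second DirectoryEntry carries the user's credentials. Binding with the user's own DN and password is what proves the password; a successful search on its own proves nothing about it.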