I am trying to configure an ejabberd server using the Zimbra LDAP for auth. The hostname is mail.mydomain.cl but the mail server accounts are @mydomain.cl.
When I try to log in, ejabberd shows this error:
** State machine <0.373.0> terminating
** Last event in was {xmlstreamelement,
{xmlelement,"starttls",
[{"xmlns","urn:ietf:params:xml:ns:xmpp-tls"}],
[]}}
** When State == wait_for_feature_request
** Data == {state,{socket_state,gen_tcp,#Port<0.3077>,<0.372.0>},
ejabberd_socket,#Ref<0.0.0.9627>,false,"4171833340",
{sasl_state,"jabber","mydomain.cl",[],
#Fun<ejabberd_c2s.1.126837140>,
#Fun<ejabberd_c2s.2.57268884>,
#Fun<ejabberd_c2s.3.64018780>,undefined,
undefined},
c2s,c2s_shaper,false,true,false,false,
[verify_none,{certfile,"/etc/ejabberd/ejabberd.pem"}],
false,undefined,[],"mydomain.cl",[],undefined,
{0,nil},
{0,nil},
{0,nil},
{0,nil},
undefined,undefined,undefined,false,
{userlist,none,[],false},
unknown,unknown,
{{181,72,77,149},33443},
[]}
** Reason for termination =
** {{badmatch,{error,"SSL_CTX_use_PrivateKey_file failed: error:0906D06C:PEM routines:PEM_read_bio:no start line"}},
[{ejabberd_socket,starttls,3},
{ejabberd_c2s,wait_for_feature_request,2},
{p1_fsm,handle_msg,10},
{proc_lib,init_p_do_apply,3}]}
I created a self-signed certificate with these commands:
openssl req -new -key privkey.pem -out server.pem
openssl x509 -req -days 3000 -in server.pem -signkey privkey.pem -out certificate.pem
cat certificate.pem privkey.pem > /etc/ejabberd/ejabberd.pem
Here are the most important lines of my config file:
{acl, admin, {user, "admin", "mydomain.cl"}}.
{hosts, ["mydomain.cl"]}.
{s2s_use_starttls, true}.
{s2s_certfile, "/etc/ejabberd/ejabberd.pem"}.
{auth_method, ldap}.
{ldap_servers, ["mail.mydomain.cl"]}.
{ldap_encrypt, none}.
{ldap_port, 389}.
{ldap_rootdn, "cn=config"}.
{ldap_password, "mypass"}.
{ldap_base, "ou=people,dc=mydomain,dc=cl"}.
{ldap_uids, [{"uid"}]}.
{ldap_filter, "(&(objectClass=zimbraAccount)(zimbraAccountStatus=active)(!(zimbraHideInGal=TRUE)))"}.
It seems your error means the certificate is incorrect and that ejabberd cannot read / find the private key in it: "no start line"
Maybe a few of these pages will help you:
A common mistake seems to be "^M" terminated lines for certs generated on Windows.
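An added example, not part of the original thread: a structural pre-flight check for a combined certificate and key file like the one built with `cat certificate.pem privkey.pem` above. It looks for conditions that leave OpenSSL without a usable `-----BEGIN` line for the key, including the "^M" case from the answer. The function name `check_pem` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): structural check of a combined
# certificate + private key PEM file such as /etc/ejabberd/ejabberd.pem.
# Prints one finding per line; returns 0 only when nothing is wrong.
check_pem() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    cr=$(printf '\r')
    key_re='^-----BEGIN ((RSA|EC|DSA|ENCRYPTED) )?PRIVATE KEY-----'
    # "^M" line endings, the mistake mentioned in the answer.
    if grep -q "$cr" "$f"; then
        echo "CR line endings present"; rc=1
    fi
    # cat of a file without a trailing newline glues END and BEGIN together,
    # so the second block has no start line of its own.
    if grep -q -e '-----END [A-Z ]*----------BEGIN ' "$f"; then
        echo "END and BEGIN markers joined on one line"; rc=1
    fi
    certs=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    keys=$(grep -c -E "$key_re" "$f" || true)
    begins=$(grep -c '^-----BEGIN ' "$f" || true)
    ends=$(grep -c '^-----END ' "$f" || true)
    [ "$certs" -ge 1 ] || { echo "no certificate start line"; rc=1; }
    [ "$keys" -eq 1 ] || { echo "expected 1 private key start line, found $keys"; rc=1; }
    [ "$begins" -eq "$ends" ] || { echo "BEGIN/END count mismatch ($begins/$ends)"; rc=1; }
    # A certificate request (output of `openssl req -new`) is not a certificate.
    if grep -q '^-----BEGIN CERTIFICATE REQUEST-----' "$f"; then
        echo "file contains a certificate request (CSR)"; rc=1
    fi
    return $rc
}

# Constructed sample with placeholder bodies: the certificate part has no
# trailing newline, so appending the key joins the two marker lines.
demo=$(mktemp)
{
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ='
    printf '%s' '-----END CERTIFICATE-----'
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----'
} > "$demo"
check_pem "$demo" || echo "=> fix the file before pointing certfile at it"
rm -f "$demo"
```

This only checks the file's layout; a file that passes can then be parsed for real with `openssl x509 -noout -in FILE` and `openssl pkey -noout -in FILE`.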