Turns out this was an openldap config issue .. connecting to ldap via
self signed cert and had
/etc/openldap/ldap.conf as
TLS_CACERT /etc/dovecot/ldap_ca
TLS_REQCERT allow
TLS_CACERTDIR/etc/openldap/certs
SASL_NOCANONon
Seems what ever gets generated in TLS_CACERTDIR is problem .. comm
Not sure if this is dovecot or not but can find very little ie no info
around on this ... and added the pem file into
/etc/pki/ca-trust/source/anchors and run udpate-ca-trust .. all works ok
.. (this is on centos 7 btw)
So wanted to change the hostname away from ip-x-x-x-x to something a
little bi