There has been some long standing strangeness around the __configure_sasl_mappings() step in krbinstance.py

I think I tracked it down to the use of the asynchronous variant of the ldap search operation used in that code.
I was installing a replica under heavy machine load (a VM on a busy development machine), and it again failed to find and remove entries.

If the server is slow an async request can easily return 0 results on the first try and the code was trying to collect results only once and not checking if all results had actually been returned.

I think this explains both the issues that have been seen with sasl mappings not being properly deleted and some issues with the connection for which a workaround was present in the code.

The code should use a synchronous search request so that all results are properly accounted for and returned.