- Type: Investigation
- Resolution: Done
- Priority: Minor - P4
- Affects Version/s: None
- Component/s: None
- None
- Not Needed
Before this change, the output of the ldapOperations serverStatus section was as shown below:
{LDAPNumberOfReferrals: 0, bindStats: , searchStats: { numOp: 0, opDurationMicros: 0 }, unbindStats: { numOp: 0, opDurationMicros: 0 }
After this change, the output of the ldapOperations serverStatus section will be as shown below:
{LDAPNumberOfSuccessfulReferrals: 0, LDAPNumberOfFailedReferrals: 0, LDAPNumberOfReferrals: 0, bindStats: , searchStats: { numOp: 0, opDurationMicros: 0 }}
In other words, there are 2 new fields (LDAPNumberOfSuccessfulReferrals and LDAPNumberOfFailedReferrals) and the unbindStats field has been removed altogether.
Additionally, the above change is also reflected in the authorization section of the slow query log and the $currentOp aggregation stage output.
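A monitoring check that tolerates both shapes of the ldapOperations section, as an added example (not code from this ticket or from the server): it diffs two polls and alerts only when failed referrals increased. It assumes the counters are cumulative since process start; the function names and sample documents are constructed for illustration.

```javascript
// Added example. Field names are from the ticket; sample values are constructed.
const FIELDS = ["LDAPNumberOfReferrals", "LDAPNumberOfSuccessfulReferrals",
                "LDAPNumberOfFailedReferrals"];

// mongosh can return BSON numeric wrappers; normalise to a plain Number.
function toNum(v) {
  if (v === undefined || v === null) return null;
  return typeof v.toNumber === "function" ? v.toNumber() : Number(v);
}

// Delta between two cumulative samples. A missing or larger previous value is
// treated as a counter reset (assumed: restart or upgrade), so curr is the delta.
function delta(prev, curr) {
  if (curr === null) return null;
  return prev === null || curr < prev ? curr : curr - prev;
}

function compareLdapSamples(prev, curr) {
  const deltas = {};
  for (const f of FIELDS) deltas[f] = delta(toNum(prev[f]), toNum(curr[f]));
  const failed = deltas.LDAPNumberOfFailedReferrals;
  return {
    schema: failed === null ? "legacy" : "split-referrals",
    deltas,
    // null means this server cannot report failures; that is not the same as 0.
    failedReferralsVisible: failed !== null,
    alert: failed !== null && failed > 0,
    unbindStatsPresent: "unbindStats" in curr,
  };
}

// Constructed samples: pre-change shape, then two post-change polls.
const legacyA = { LDAPNumberOfReferrals: 4,
  searchStats: { numOp: 2, opDurationMicros: 1500 },
  unbindStats: { numOp: 2, opDurationMicros: 300 } };
const legacyB = { ...legacyA, LDAPNumberOfReferrals: 7 };
const pollA = { LDAPNumberOfSuccessfulReferrals: 5, LDAPNumberOfFailedReferrals: 1,
  LDAPNumberOfReferrals: 6, searchStats: { numOp: 3, opDurationMicros: 2100 } };
const pollB = { LDAPNumberOfSuccessfulReferrals: 9, LDAPNumberOfFailedReferrals: 3,
  LDAPNumberOfReferrals: 12, searchStats: { numOp: 6, opDurationMicros: 4800 } };

console.log(compareLdapSamples(legacyA, legacyB)); // legacy: failures not visible
console.log(compareLdapSamples(pollA, pollB));     // two new failed referrals
```

In mongosh, the two arguments would be successive reads of `db.serverStatus().ldapOperations`.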
Description of Linked Ticket
Currently, we only count the total number of LDAP referrals chased during a given operation and only log when we begin a connection attempt to a referred server.
We should group the referral count by "success" vs. "failure" and add additional logging when a referral fails, along with the reason why (e.g., TLS handshake failure). This will help TSEs easily identify where an LDAP operation failed if the query involved numerous referrals in a large AD forest, for instance.
- depends on: SERVER-79156 Track and log failed LDAP referrals (Closed)