In an effort to prevent LDAPBindOptions from going out of scope during long network operations, SERVER-45309 stored a copy of those those options onto each connection. Given that each LDAPBindOptions instance stores the user DN and credentials (which is a SecureString ), these copies are potentially expensive. It would be preferable to have a single instance of these options and have each connection store a shared_ptr to it.

Additionally, the server leaks LDAP connections if they cannot be scheduled into another thread because it assumes that it must be in shutdown if this is the case. We should log whenever this happens to ascertain that LDAP connections are not being inadvertently leaked when thread scheduling fails outside of shutdown.