Confluence Data Center / CONFSERVER-32229

Changing groupname casing in external user management causes intermittent loss of group membership


    Description

      Diagnosis

      Group names have had their case changed in the source directory. The following will appear in the atlassian-confluence.log:

      2013-09-12 01:44:15,408 WARN [scheduler_Worker-9] [atlassian.crowd.directory.DbCachingRemoteChangeOperations] findGroupsToUpdate remote group name [ group1 ] casing differs from local group name [ GROUP1 ]. Group details will be kept updated, but the group name cannot be updated
      

      Steps to Reproduce

      (I am using Crowd for this example but this could also occur when using AD or any other LDAP)

      1. Set up Crowd 2.7 and Confluence 5.4.1 (these are the versions I used, but this bug has been apparent since at least Confluence 5.3.1 and JIRA 6.1.2)
      2. Create a Crowd user
      3. Create a group in Crowd called 'group1'
      4. Add the user to the group in Crowd
      5. Create a group in Crowd called confluence-administrators and add the user to it
      6. Set up Crowd as a directory in Confluence (or JIRA) and sync it
      7. Change the name of the group in the Confluence (or JIRA) database to 'GROUP1' and sync again
        (This is to simulate the casing being changed in an external directory, e.g. AD. You cannot change the case directly in Crowd, but if AD is connected to Crowd and Crowd is connected to Confluence, when the casing changes in AD this issue occurs)
      8. Log in to Confluence as the user.
      9. Go to Admin > Users in Confluence (confirm the password when prompted)
      10. View your group memberships and confirm you are a member of GROUP1
      11. Go to the Dashboard
      12. Click in the top banner to drop admin rights
      13. Go back to Admin > Users, confirming password again when prompted
      14. Confirm that you are no longer a member of GROUP1
      15. Repeat steps 11 - 13 and confirm that you are a member of GROUP1 again
      16. Repeat again and confirm the membership is gone

      NB: This is similar to old issues that used to occur when the casing changed, but they all occurred on intermittent directory syncs. That does not appear to be occurring anymore, and it is now only authenticating into the admin section of both JIRA and Confluence that causes this issue.

      Workaround

      1. Remove and recreate the directory in Confluence. NB: Only do this if you are not using read-only with local groups (that is, so long as all the group memberships are stored in the external directory, not in Confluence), as this will cause you to lose the local group memberships.
      2. Avoid renaming groups to change casing in external directories. If this must be done, co-ordinate with the person making the change, and proactively remove and recreate the directory in Confluence once the group is renamed.
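
Added example, not part of the original issue and not Atlassian code: a Python scan for the warning quoted under Diagnosis that lists each remote/local group pair whose casing differs, so the groups whose membership may come and go can be identified before applying the workaround. The regular expression assumes the log layout shown in the issue, and every sample line except the first is constructed.

```python
import re
import sys
from collections import defaultdict

# Pattern for the WARN message quoted under Diagnosis (note the padded brackets).
CASING_WARN = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) WARN .*"
    r"DbCachingRemoteChangeOperations\] findGroupsToUpdate "
    r"remote group name \[ (?P<remote>.+?) \] casing differs from "
    r"local group name \[ (?P<local>.+?) \]"
)

def find_casing_mismatches(lines):
    """Map (remote_name, local_name) -> count, first_seen, last_seen."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "last_seen": None})
    for line in lines:
        m = CASING_WARN.match(line.strip())
        if m is None:
            continue  # not the casing warning
        entry = hits[(m["remote"], m["local"])]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or m["ts"]
        entry["last_seen"] = m["ts"]  # log is chronological, so the last match wins
    return dict(hits)

# Constructed sample input. The first line reproduces the message from the issue;
# the remaining lines (group "Wiki Editors", the INFO line) are invented.
_WARN = ("{ts} WARN [scheduler_Worker-9] [atlassian.crowd.directory."
         "DbCachingRemoteChangeOperations] findGroupsToUpdate remote group name "
         "[ {remote} ] casing differs from local group name [ {local} ]. Group "
         "details will be kept updated, but the group name cannot be updated")
SAMPLE_LOG = [
    _WARN.format(ts="2013-09-12 01:44:15,408", remote="group1", local="GROUP1"),
    _WARN.format(ts="2013-09-12 02:44:15,511", remote="group1", local="GROUP1"),
    _WARN.format(ts="2013-09-12 02:44:15,530", remote="Wiki Editors", local="wiki editors"),
    "2013-09-12 02:44:16,002 INFO [scheduler_Worker-9] [example.Constructed] unrelated line",
]

if __name__ == "__main__":
    # Pass the path to atlassian-confluence.log, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            found = find_casing_mismatches(fh)
    else:
        found = find_casing_mismatches(SAMPLE_LOG)
    for (remote, local), info in sorted(found.items()):
        print(f"remote={remote!r} local={local!r} warnings={info['count']} "
              f"first={info['first_seen']} last={info['last_seen']}")
```

Each pair reported is a group that the directory sync cannot rename locally, which makes it a candidate for the membership loss described in the reproduction steps.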

            People

              qpham@atlassian.com Quan Pham
              dunterwurzacher Denise Unterwurzacher [Atlassian] (Inactive)
              Votes: 20
              Watchers: 37
