After CWD-180 is fixed, it seems Crowd+OpenLDAP will create groups with a blank uniqueMember (position 1) in it to satisfy the schema. However, subsequently, if you add an user to the group, it will create another uniqueMember instead of writing to the first blank one. So the end result is for a group with only one valid user, there will be two counts of uniqueMember in it.

This is causing problem on scripts that's expecting a value on the first uniqueMember, and affecting the total count as well. All in all, Crowd doesn't seem to have enough checks to ensure the integrity of the LDAP database, e.g. CWD-1184.

Thanks,