Steps to reproduce:

1. Bring up ApacheDS 1.0 with the attached ldif
2. Configure ApacheDS as a Connector in Crowd
   1. Base DN: dc=example,dc=com
   2. User DN: ou=users
   3. Group DN: ou=groups
3. Go to Groups/confluence-users/Group Members and check that CapsUser is a member
4. Go to Applications/crowd/Directories and allow everyone to authenticate from the connector
5. Perform Authentication Test with CapsUser/password1 credentials
6. Go to Groups/confluence-users/Group Members

Expected outcome:
CapsUser is still a member of confluence-users group

Actual outcome:
CapsUser is not a member of confluence-users group any more. Synchronising the directory again will add the membership back.

I could not reproduce this problem with Crowd 2.6.5. I did some debugging and the problem seems to happen when we look for user's group memberships during authentication with an ldap query with a condition like this: (uniqueMember=cn=capsuser,ou=users,dc=example,dc=com). ApacheDS 1.0 does case-sensitive comparisons for uniqueMember attribute values, so that filter does not match anything. Changing it to (uniqueMember=cn=CapsUser,ou=users,dc=example,dc=com) makes it match correctly.