Comment 11 for bug 227744

It is not a good idea to add the user by default because not all openldap installations require it. If the user were added to the group by default, the openldap user could end up with access to highly sensitive data when it doesn't even need it for itself, possibly without the admin knowing about it. That said, the error message should be more clear IMHO, and possibly detected during upgrade.