When using Confluence with delegated LDAP user management, if the configuration is not set to READ/WRITE,
Confluence refuses to disable or remove a user.
What happens is that Confluence tries to disable the user in LDAP, even in READ ONLY mode and thus an exception is given:
Even if the user hasn't contributed with any content, it becomes unable to be disabled unless using READ/WRITE configuration.
This was closed as not a bug, because this behaviour is by design. The option to disable a user in a Read Only directory was removed in 5.1.4. We have opened a feature request to allow disabling of users in a Read Only directory here.