According to the Confluence documentation, when you enable External User Management, "...assignment of permissions to groups and users is still carried out within Confluence, but the creation of groups and users is not." The last bit is incorrect and has been since Confluence 2.9.3.

In Confluence 2.10 and up, while External User Management is enabled you can still create local users and groups. In Confluence 2.9.3, the option to add new users/groups is greyed out when External User Management is enabled.

In Confluence 3.5, the option is still confusingly broken, and the new user directories configuration adds additional complexity. The option should be removed and Confluence should be smart enough to display only options in the UI that make sense. For example, if there are no read-write directories enabled, then public sign-up and adding a user should be prevented or disabled.