When Confluence encounters a username that appears in both the LDAP and hibernate repositories, it favours the LDAP details. This is deliberate and I don't have a problem with it.
When Confluence lists the users in the system it lists one entry for the LDAP user and another for the hibernate user. That doesn't seem unreasonable either.

What I find confusing is the combination of these behaviours. That is, the same user appears in the list once for LDAP and once for Hibernate, but clicking on either results in exactly the same screen, with the read only LDAP user.

A particularly sneaky part of this, is that there is nothing in the list of users to show that the users come from different user repositories.

I feel it would be better if:

• The admin's list of users http://localhost:8080/admin/users/showallusers.action included a Repository column, like the group membership screen does.
• The admin could view and edit the hibernate version of the user.