Confluence uses the directories in the order you put them in the directory list. 

It's not quite as simple as that, but it does seem to work like that.  Imagine you've got a user called Charlie, and three directories in this order in the list:

• LDAP1 (Charlie isn't in this one)
• LDAP2 (Charlie is in this one)
• Internal (Charlie is in here too, with an identical login id)

When Charlie tries to log in, or you're looking for Charlie in a search, or to display their name, or group membership or whatever, Confluence effectively scans top to bottom through the list.  It won't find Charlie in LDAP1, but when it finds them in LDAP2, it stops and uses that record for Charlie.

If you change the order so that:

• LDAP1 
• Internal
• LDAP2

Charlie will be read from the internal directory instead, as it's the first one found.

So, you need to be very careful if you want to have duplicate users, because Confluence will only recognise and work with the first one it finds.

Confluence will not let you add duplicate users though - it searches through all the directories and stops the creation as soon as it finds Charlie in any directory.

So, with that warning noted

To create Charlie in the internal directory, plan a few minutes down-time, as you're going to break people's access temporarily.

Given my example directories above, but with Charlie only being in LDAP2 at the moment and not having an internal account:

• Log in as an administrator.  But as an administrator account that is not in LDAP2 - it must be an admin in the internal directory or LDAP1.
• Go to Admin -> User directories
• Disable LDAP2
• Add Charlie (you will be asked which directory to create in, if you have more than one writable directory - select internal, of course)
• Re-enable LDAP2
• End the down time