Once you configure Ops Manager with LDAP, all user maintenance should be done via LDAP (e.g. creating new users, editing user permissions) as per https://docs.opsmanager.mongodb.com/current/tutorial/configure-for-ldap-authentication/

All group maintenance should also be done via LDAP.

This has the side effect that groups can no longer be deleted from Ops Manager (but you can remove access to them by just removing all users from the LDAP group that maps to the Ops Manager group's roles)

This should be better documented in the pages in these sections:

• https://docs.opsmanager.mongodb.com/current/tutorial/nav/manage-groups/
• https://docs.opsmanager.mongodb.com/current/tutorial/nav/access-control/

(The warning should just be something along the lines of "If you are using LDAP to manage your Ops Manager users, these instructions do not apply to you. Please instead refer to https://docs.opsmanager.mongodb.com/current/tutorial/configure-for-ldap-authentication/")