When you have:
1. a UserDirectoryProvider used as the same time as the default internal user/role provider, and
2. you have a user created in Opencast that also exists in the external provider, and
3. the external provider allocates additional roles to the user,
then Opencast persists those external roles in the internal database (mh_user_role and mh_role), which is undesireable as the external roles should be exclusively under the control of the external provider.