A customer is using RH-SSO 7.2.5, and reported that when creating a new realm with a user imported from LDAP user federation, the operation fails and RH SSO is answering with a 500 internal server exception, provided that "import users" in the user federation configuration is switched off.

The following error/exception is reported in the RH-SSO logs:
~~~
11:03:11,204 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-17) Uncaught server error: org.keycloak.storage.ReadOnlyException
at org.keycloak.models.utils.ReadOnlyUserModelDelegate.grantRole(ReadOnlyUserModelDelegate.java:133)
at org.keycloak.models.utils.UserModelDelegate.grantRole(UserModelDelegate.java:179)
at org.keycloak.models.utils.UserModelDelegate.grantRole(UserModelDelegate.java:179)
at org.keycloak.models.utils.UserModelDelegate.grantRole(UserModelDelegate.java:179)
at org.keycloak.models.utils.UserModelDelegate.grantRole(UserModelDelegate.java:179)
at org.keycloak.models.utils.UserModelDelegate.grantRole(UserModelDelegate.java:179)
at org.keycloak.models.cache.infinispan.UserAdapter.grantRole(UserAdapter.java:316)
at org.keycloak.services.resources.admin.RealmsAdminResource.grantPermissionsToRealmCreator(RealmsAdminResource.java:163)
at org.keycloak.services.resources.admin.RealmsAdminResource.importRealm(RealmsAdminResource.java:142)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:140)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:295)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:249)
...
...

~~~

Please see the "Steps to Reproduce" and attached files for more.