Channel: VMware Communities : Discussion List - All Communities

Delete LDAP user / group prevents adding again...

Scenario:

1. vCD 5.1.2 (latest patches) with simple LDAP authentication and AD users imported.

2. Change LDAP authentication from Simple to Kerberos.

3. Under Admin / Users: Remove test vCD user (right-click and disable, then right-click and delete).

4. Add same test user back again. User shows up simply as "testuser".

5. Test user can no longer login.

6. With setting to Kerberos, add (import) a different LDAP test user #2.

7. Test User #2 shows up as "testuser2@domain.com".

8. Login works for Test User #2.

The issue appears to be that when an LDAP user is deleted from vCD users, it isn't really deleted from the database. That is, adding that user back in reuses the same database entry. I suspect this is due to the unique identifier (such as "objectGuid") being retained in the underlying database to identify this imported LDAP user.

This is a problem because, under Kerberos, the user is always "user@domain.com". Under simple LDAP the same user is just "user" (no realm).

The net effect is that I am unable to switch to Kerberos because then my existing imported LDAP users will fail to login even after I delete / re-import them. This is also occurring even if I run the "Synchronize LDAP" option from the LDAP settings screen.
