Just saw that vilONE had updated his answer. I agree that in the database the objectGUID is not unique. However, the bug is that - apparently - it is impossible to delete a user from vCloud Director admin users. Please note that this bug also applies to *AD groups* - once added under LDAP simple, can't change it to Kerberos.
Now this is what I had been working on earlier this morning...
OK - this appears to be an actual bug
First - vilONE was right that switching to Simple changes the schema...silly me I had not bothered to scroll down to check. Changing to Simple automatically uses sAMAccountName and changing to Kerberos uses userPrincipalName.
However...the initial problem still appears: 1) user created under Simple LDAP; 2) delete user; 3) change LDAP type to Kerberos; 4) re-import admin user; 5) no login!
I attached a PDF with all the steps and screenshots.
Net effect: *choose carefully* the authentication method for LDAP. Evidently with vCloud Director 5.1.2 it is not possible to switch and still allow existing LDAP users to log in. Bummer.
Hope we can get an answer from VMware and maybe a patch to vCloud Director.
NOTE: Also just verified that the bug is in effect the other way as well. 1) Set to Kerberos LDAP; 2) Add user; 3) Delete user; 4) Set LDAP to Simple; 5) Import same user again; 6) Just like above...unable to log in (and the user displays with UPN).
Message was edited by: andybrucecsc