Description of problem: There are a couple of ways a RealmUser principal could already exist; the security realm should only be creating one as a last resort.
Please, could you provide a broader context? In which cases can I verify that the problem is solved?
I would suggest something like configuring the ApplicationRealm to use LDAP but also configure it to reload the user's identity. Then use an EJB application and, on the remote client, use the username in a different case. In the failure scenario, within the application you should see the user's identity represented using the case supplied by the remote client; in the success case, where the correct RealmUser mapping occurs, you should now see the correct case.