Some credential providers (such as CAS on LDAP) may return logins that are not exactly matching the LDAP : "ced", "Ced", "CED", "cED" are all the same user ; but we will finally fail somewhere (such as in CASCredentialProvider).
So we have to reject logins that are not the login stored in the UserManager