This issue is resolved in NSX-T Datacenter 3.1.2.0.
Workaround:
To allow users login with alternative UPN, LDAP should be configured with alternative subdomains.
In this case of a primary example.com and example.net, the following configuration should be used.
1) Add AD example.com
2) Configure the alternative domain names "example.net"