There is LDAP Directory service (LDS) and there is CA LDAP Server.
What is the difference?

Release : 16.0

The purpose of the LDS function is to keep databases residing on other ldap servers
in line with changes bein made to the ACF2 Databases.
When a change is made in the ACF2 databases, an equivalent change will be sent to the remote
ldap servers so that their local database can be kept in sync.
Here are details of the setup.
This communication is outbound only. (ACF2 to external ldap server)

The CA LDAP Server receives calls in LDAP protocol format from local or remote applications and
executes the requests against the ACF2 Databases.
There is a complete TECHDOC manual for support of the CA LDAP Server

This communication is inbound only, Local/remote application to ldap server on z/OS talking to ACF2 on z/OS.

A third option is DSI. With the available SDK you can invoke DSI callable services
 to verify a user logon or a user's acces sto resources from a java program.
Here is a link to the DSI documentation - SDK for DSI usage.