IBM LDAP currently doesnt have the ability to update the CA Top Secret for z/VSE security file.
CA Technologies has its own version of LDAP called CA LDAP, but only runs on the z/OS platform. There arent any versions that run on z/VM/ z/VSE or z/Linux.
CA LDAP allows you to issue security checks, authenticate, extract information from the security file and make TSS administrative changes to CA Top Secret for z/OS.
CA PAM allows you to validate signons on z/Linux. It requires CA LDAP. When a signon occurs in z/Linux, CA PAM will make a call to CA LDAP and authenticate the userid and password. This means the userid and password must exist on CA Top Secret for z/OS.
If the validation is successful or unsuccessful, we let CA PAM know and it allows or fails the signon on z/Linux.
Currently there is no equivalent of CA PAM that runs on z/VM and z/VSE.