LDAP with CMOD is a bit of a mess.
The snag is that CMOD only uses LDAP for password authentication -- not any of the other things that LDAP is good for, like centrally maintaining group membership, and assigning permissions through those group memberships. So you end up maintaining a list of CMOD Users & Groups, even if LDAP is enabled and working.
IBM Lab Services has some code that helps with LDAP (and SSO), so the best way forward is to work with them if you want to do anything over and above simple password authentication.
-JD.