Ahhhhhhhhhhh That's what you need :-) that has nothing to do with LDAP, but SSO !!!
What kind of web application? An application that you will build from "scratch"? Or do you plan to use ICN (IBM Content Navigator)?
In both case, you will need to write a security user exit in CMOD (in C/C++), that will read the user / SSO token that you will receive from your environment.
This security user exit will need to check if the combination user / SSO token is valid (could be done through some web service or some internal check).
Once you've validated with the user exit that your SSO token is valid, then you can allow the user to use CMOD because he is authenticated.
To be honest, I haven't found any documentation on how to do it, but I've done it 2-3 time now. So I have some experience. If I can help you, I will.
Basically for a SSO, it works like that:
A) the user authenticate itself with the main authentication of the company (with card reader, user / password, usb key, fingerprint, whatever...)
B) once the system recognize you with what you provided in A), then it will create some credentials (normally some kind of "SSO Token" that contains lots of information, like validity of the token, user, rights, ...)
C) Then all applications that needs authentication, will use that SSO Token with probably also the user id of the user, but not always. So they need to decrypt this token or to provide this token to a service to verify it. Once verified, then it will authenticate the user to use the wanted app.
With ODWEK, basically you will need to use the method (starting from V9) ODServer.setPassThruToken(...) in order to provide the SSO token to CMOD, and with ODServer.setUserId(...) the username of the user.
After you run ODServer.logon(), the user id and the token are sent to CMOD.
The security user exit will be called with lots of parameters included the userId and the Token.
The security user exit will try to valided it.
If it validated, then it will give to CMOD, an OK.
If not, a Not OK.
And finally CMOD will send to ODWEK the answer OK or Not.
Your web app will then do what he needs to do :-)
I hope I was a bit clear on how to do it in a semi-high level :-) That's not always easy to implement correctly, and this is always something that needs development, because no 2 customers are the same.
With ICN, I've build a standard way to do SSO with CMOD according to the very high level explanation of IBM on that topic.
Regards,
Alessandro