You can customize Java™ Authentication and Authorization (JAAS) login configurations by writing a customized login mapping module.
WebSphere® Application Server for z/OS® has the ability to provide mapping from a remote method invocation (RMI) inbound request with LDAP credentials to the system authorization facility (SAF) Identity. The use case is a WebSphere Application Server on any platform that is configured to LDAP and sends a RMI/IIOP request to a second server configured to a SAF User Registry. The WebSphere Application Server (release 5.1 and higher) sends a RMI request using LTPA Token representing the LDAP identity to the WebSphere Application Server for z/OS that is configured to SAF. The following figure illustrates this mapping.