Already exists: JBoss Teiid (http://www.jboss.org/teiid) virtualizes your LDAP (and more besides) allowing you to 'safely' expose your directory as a restricted view. I use it all the time. Haven't made any millions yet, but I'll keep smiling.

Key part: "to any web app". You'll need some kind of OAuth provider on top so people can just plug it in right next to their Google, Twitter or Facebook providers.