Is open ldap a good solution to a centralized way to authenticate users on a web site?

If you're doing an internally facing site, or a site with a closed userbase, then openLDAP would be perfectly fine. I do something similar with my own intranet sites (though I use Apache authenticated against AD).

For public sites, I agree with Chopper3. Allow a local authentication if you want, but definitely allow OpenID (or even use the Twitter/Facebook/whatever centralized accounting).

OpenLDAP is not a way to authenticate users; it's a way to store data in a directory.

You can definitely use it to store information about the users of your website, including the credentials they use to authenticate themselves.

However, you're still going to have to work on the authentication bit seperately. As Chopper3 suggests, OpenID is a nice way to do this: there's a small amount of complexity in the setup, but the signing process for users becomes much nicer because they don't have to remember yet another password.

How about OpenID :)

OpenDS works pretty well for me. It is free, installs very quickly and simply, and has a GUI for management. http://www.opends.org