When my user tries to register, I'd like to make sure his information is valid, by checking an external identity repository (e.g. call a web service or look up a directory server).

Is that possible with any existing module? If not, what would be the best way to develop this functionality?

I'm not aware of an existing module allowing the addition of custom validation, but it is fairly easy to implement this using the 'validate' action of hook_user():

function yourModule_user($op, &$edit, &$account, $category = NULL) {
  // Are we in the validation phase of a new user registration?
  if ('validate' == $op && 'user_register' == $edit['form_id'] && 'account' == $category) {
    // Yes, do custom validation...
    // NOTE: Just an example to validate by email.
    // Check the other elements in $edit array (e.g. 'name') for more options
    $mail_is_valid = yourModule_custom_mail_validation($edit['mail']);
    // Is the mail address OK?
    if (!$mail_is_valid) {
      // No, set error on mail form field
      form_set_error('mail', t('your custom error message'));
    }
  }
}

This would stop the registration process and redisplay the registration form with the error message on the mail field as long as yourModule_custom_mail_validation() does not return TRUE.

If you want the validation to happen for existing users editing their account also, you could drop the

 && 'user_register' == $edit['form_id']

part from the first if clause - the code would then run for every user edit form submission, not just on registration.

If you are using an LDAP server to authenticate, there is the LDAP module. Check that out.

For authenticating with some other web service, you'll have to write a module and implement hook_user, particularly the 'login' case. If, upon login, the user's credentials do not match those in your web service, you can log them out and display a message, perhaps.