The general layout of the Roundcube OTP plugin allows for multiple storage backends. The one most likely to be used in a Kolab environment is LDAP. The LDAP storage module reads and writes the user's record in LDAP, preferably bound with the user's own credentials to limit permissions as much as possible. Because the information is stored in LDAP, administrators can also set or reset OTP settings for individual user accounts from within the Webadmin interface.
A basic implementation is done, but it needs refinement to store data in ipatokenTOTP and ipatokenHOTP class objects as defined in https://git.fedorahosted.org/cgit/freeipa.git/tree/install/share/70ipaotp.ldif
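To make the target format concrete, the following added example (not the plugin's own code) builds the LDIF record for one token in an ipatokenTOTP or ipatokenHOTP object. The attribute names are those of FreeIPA's OTP schema and should be checked against the linked file; the function name, the DN layout and the sample values are assumptions.

```python
import base64
import re

# Attribute and class names follow FreeIPA's OTP schema (70ipaotp.ldif); check
# them against the linked file. DN layout and sample values are assumptions.
ALGORITHMS = ("sha1", "sha256", "sha384", "sha512")
SAFE_ID = re.compile(r"[A-Za-z0-9-]{1,64}")

def token_ldif(token_id, owner_dn, container_dn, secret_b32, kind="totp",
               algorithm="sha1", digits=6, time_step=30, counter=0):
    """Build the LDIF record for one OTP token; raise ValueError on bad input."""
    if kind not in ("totp", "hotp"):
        raise ValueError("kind must be 'totp' or 'hotp'")
    if not SAFE_ID.fullmatch(token_id):
        raise ValueError("token_id may only contain letters, digits and '-'")
    # A line break in a DN would let the caller smuggle extra LDIF attributes.
    if any(c in dn for dn in (owner_dn, container_dn) for c in "\r\n"):
        raise ValueError("DN contains a line break")
    if algorithm not in ALGORITHMS or digits not in (6, 8):
        raise ValueError("unsupported algorithm or digit count")
    if int(time_step) <= 0 or int(counter) < 0:
        raise ValueError("time_step must be positive, counter non-negative")
    # Authenticator apps exchange the secret as base32; LDAP stores raw bytes.
    text = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(text + "=" * (-len(text) % 8))  # ValueError if invalid
    if len(key) < 16:  # RFC 4226 requires at least 128 bits of shared secret
        raise ValueError("secret is shorter than 128 bits")
    lines = [
        f"dn: ipatokenUniqueID={token_id},{container_dn}",
        "objectClass: top",
        f"objectClass: ipatoken{kind.upper()}",
        f"ipatokenUniqueID: {token_id}",
        f"ipatokenOwner: {owner_dn}",
        # '::' marks a base64 value, which LDIF requires for binary data.
        f"ipatokenOTPkey:: {base64.b64encode(key).decode('ascii')}",
        f"ipatokenOTPalgorithm: {algorithm}",
        f"ipatokenOTPdigits: {int(digits)}",
    ]
    if kind == "totp":
        lines += ["ipatokenTOTPclockOffset: 0",
                  f"ipatokenTOTPtimeStep: {int(time_step)}"]
    else:
        lines.append(f"ipatokenHOTPcounter: {int(counter)}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test secret and a made-up directory tree.
    print(token_ldif("tok-0001", "uid=jdoe,ou=People,dc=example,dc=org",
                     "ou=Tokens,dc=example,dc=org",
                     "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"))
```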