I've been working on a related problem recently, so this may
interesting to you. I've developed a SLAPI plugin that implements OATH
HOTP authentication as LDAP simple bind. Token objects are stored in
LDAP directory; synchronization is implemented as an EXOP. SLAPI
implementation in OpenLDAP lacked EXOP support, so I've fixed that, too
(and I'm going to submit a patch soon). The project is being prepared to
be published under an open license. If that sounds interesting for you,
don't hesitate to drop me an email.
I'm also planning to port this plugin to OpenLDAP's native overlay API.
I'm currently also working one something like that.
I'd also like to have a standardized schema.
Did you have a chance to publish something of your stuff?