That does sound good... if Roundcube connects over IMAP secured then adding that extra check in dovecot-mysql.conf is a good idea; it can never be too secure.
Giving the option of using webmail from another server is a step further in making it more versatile, it would require an extra input field in iRedAdmin-Pro though. If nothing is filled out, that part of the query would be '%r' IN ('127.0.0.1', '') which I think is ok, unless there's a chance that the %r variable would fail, also giving an empty string. But then again, the rest of the query is still in place to keep it all secure.
The extra row in the SQL database for the IP address of an external webmail server should probably go in another table, as I think it's a global variable applicable to all domains and users on the server.
I can't comment on the LDAP versions, as I don't have any experience with it... but it looks good to me.
All in all it seems like you have it covered.