I have freeradius server using ldap DS for aaa. my radius supports
users and uses PAP.
what is the best way for secure user_passwords in connection between
ldap server to user?
If you're authenticating against a RADIUS server, clients won't be talking to LDAP
directly at all. Any connection security (I'm assuming you're talking about
something like encryption here) would need to be done with your RADIUS server, and LDAP
server<->client password security is a non-issue.