[Serusers] ldap+radius+ser

hi guys, our university is using ldap as password storage for the authentication of several services like webmail, webproxy, etc. there are so little info regarding the implementation of ldap and http digest authentication (which sip use). we are trying to implement scenario where ser would authenticate vs a radius server, which in turn would query the ldap. so far, we have only done authentication between ser<------->radius and radius<------->ldap, but not ser-->radius-->ldap i know that basic authentication would work but poses a big risk of the sip passwords being sniffed out of the network. now my question is, has anybody tried this kind of approach? still i think the best solution would be an ldap module for ser, probably a basic authentication over tls, coz ldap's digest auth support requires an sasl database which i think adds another point of failure. do you guys have any suggestion on how to approach this challenge? ~kelvin