Hi, there are different ways to avoid storing clear text passwords. For example use one of the many vault products that are available.
Regarding the ldap question I suggest you have a look at the transportSecurity option in the ldap configuration of mongod.conf. There are tutorials available in mongodb blogs.