What is the difference between ldapAuthentication vs inMemoryAuthentication?

Question

I am currently following Spring.io tutorials. The links are Authenicating-ladp and securing-web

I can see that they are very similar besides the configuration.

LDAP

@Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource(contextSource())
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        return  new DefaultSpringSecurityContextSource(Arrays.asList("ldap://localhost:8389/"), "dc=springframework,dc=org");
    }

securing-web

@Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }

What are the pro and cons of using each? Which one is preferred for best practices?

Answer 1

In-memory authentication is the simplest form, and requires that the credentials for all users be specified in the code itself. This is impractical in all but the simplest cases.

LDAP authentication involves authenticating against the LDAP access system, used in many organisations and enterprises around the world. It is considerably more flexible, and therefore more complicated.