From 4280e31239354eb2fb03a06fde6573fec02bb7ce Mon Sep 17 00:00:00 2001 
From: Gabriel MABILLE
Date: Mon, 18 Sep 2023 16:21:59 +0200
Subject: [PATCH] Devenv: Fix openldap-multiple dev environment (#75013)
---
 .../blocks/auth/openldap-multiple/README.md | 50 ++++++++++
 .../admins-ldap-server.Dockerfile | 30 ------
 .../admins-ldap-server/modules/memberof.ldif | 33 -------
 .../prepopulate/2_users.ldif | 20 ----
 .../prepopulate/3_groups.ldif | 6 --
 .../openldap-multiple/docker-compose.yaml | 40 +++++---
 .../auth/openldap-multiple/entrypoint.sh | 98 ------------------
 .../openldap-multiple/ldap-server.Dockerfile | 30 ------
 .../ldap-server/modules/memberof.ldif | 33 -------
 .../ldap-server/prepopulate/2_users.ldif | 59 -----------
 .../ldap-server/prepopulate/3_groups.ldif | 23 -----
 .../auth/openldap-multiple/ldap_dev.toml | 76 ++++++++------
 .../blocks/auth/openldap-multiple/notes.md | 38 -------
 .../auth/openldap-multiple/prepopulate.sh | 14 ---
 .../1_units.ldif | 4 +-
 .../srv1_prepopulate/2_users.ldif | 30 ++++++
 .../srv1_prepopulate/3_groups.ldif | 10 ++
 .../1_units.ldif | 4 +-
 .../srv2_prepopulate/2_users.ldif | 30 ++++++
 .../srv2_prepopulate/3_groups.ldif | 10 ++
 20 files changed, 206 insertions(+), 432 deletions(-)
 create mode 100644 devenv/docker/blocks/auth/openldap-multiple/README.md
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server.Dockerfile
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/modules/memberof.ldif
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/2_users.ldif
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/3_groups.ldif
 delete mode 100755 devenv/docker/blocks/auth/openldap-multiple/entrypoint.sh
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/ldap-server.Dockerfile
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/ldap-server/modules/memberof.ldif
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/2_users.ldif
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/3_groups.ldif
 delete mode 100644 devenv/docker/blocks/auth/openldap-multiple/notes.md
 delete mode 100755 devenv/docker/blocks/auth/openldap-multiple/prepopulate.sh
 rename devenv/docker/blocks/auth/openldap-multiple/{ldap-server/prepopulate => srv1_prepopulate}/1_units.ldif (62%)
 create mode 100644 devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/2_users.ldif
 create mode 100644 devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/3_groups.ldif
 rename devenv/docker/blocks/auth/openldap-multiple/{admins-ldap-server/prepopulate => srv2_prepopulate}/1_units.ldif (62%)
 create mode 100644 devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/2_users.ldif
 create mode 100644 devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/3_groups.ldif
diff --git a/devenv/docker/blocks/auth/openldap-multiple/README.md b/devenv/docker/blocks/auth/openldap-multiple/README.md
new file mode 100644
index 00000000000..b31939c9bbd
--- /dev/null
+++ b/devenv/docker/blocks/auth/openldap-multiple/README.md
@@ -0,0 +1,50 @@
+# OpenLDAP-Multiple Docker Block
+
+This Docker block uses `osixia/openldap` image and should work for Apple's ARM chip.
+Instead of launching solely 1 openldap server, it launches two.
+
+## Deployment
+
+First build and deploy the `openldap` containers.
+
+```bash
+make devenv sources=auth/openldap-multiple
+```
+
+### Exposed ports
+
+The first container will expose port `389` and `636`.
+The second container will expose port `1389` and `1636`.
+
+### Background services
+
+The `osixia/openldap` container will update the database with any `*.ldif` file changes inside `./prepopulate` and the `./modules` folder. Remember to rebuild the `devenv` to apply any changes.
+
+## Grafana configuration changes
+
+The following changes are needed at Grafana's configuration file.
+
+```ini
+[auth.ldap]
+enabled = true
+config_file = ./devenv/docker/blocks/auth/openldap-multiple/ldap_dev.toml
+```
+
+## Available users and groups
+
+### Srv1 (dc=srv1-grafana,dc=org)
+- admins
+ - ldap-admin-srv1
+- editors
+ - ldap-editor-srv1
+- no groups
+ - ldap-viewer-srv1
+
+## Srv2 (dc=srv2-grafana,dc=org)
+
+- admins
+ - ldap-admin-srv2
+- editors
+ - ldap-editor-srv2
+- no groups
+ - ldap-viewer-srv2
diff --git a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server.Dockerfile b/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server.Dockerfile
deleted file mode 100644
index 29e581d2b13..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server.Dockerfile
+++ /dev/null
@@ -1,30 +0,0 @@
-# Fork of https://github.com/dinkel/docker-openldap
-
-FROM debian:jessie
-
-LABEL maintainer="Grafana team "
-
-ENV OPENLDAP_VERSION 2.4.40
-
-RUN apt-get update && \
- DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
- slapd=${OPENLDAP_VERSION}* \
- ldap-utils && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/*
-
-RUN mv /etc/ldap /etc/ldap.dist
-
-EXPOSE 389
-
-VOLUME ["/etc/ldap", "/var/lib/ldap"]
-
-COPY admins-ldap-server/modules/ /etc/ldap.dist/modules
-COPY admins-ldap-server/prepopulate/ /etc/ldap.dist/prepopulate
-
-COPY ./entrypoint.sh /entrypoint.sh
-COPY ./prepopulate.sh /prepopulate.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
-
-CMD ["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"]
diff --git a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/modules/memberof.ldif b/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/modules/memberof.ldif
deleted file mode 100644
index fd9cce957c3..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/modules/memberof.ldif
+++ /dev/null
@@ -1,33 +0,0 @@
-dn: cn=module,cn=config
-cn: module
-objectClass: olcModuleList
-objectClass: top
-olcModulePath: /usr/lib/ldap
-olcModuleLoad: memberof.la
-
-dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
-objectClass: olcConfig
-objectClass: olcMemberOf
-objectClass: olcOverlayConfig
-objectClass: top
-olcOverlay: memberof
-olcMemberOfDangling: ignore
-olcMemberOfRefInt: TRUE
-olcMemberOfGroupOC: groupOfNames
-olcMemberOfMemberAD: member
-olcMemberOfMemberOfAD: memberOf
-
-dn: cn=module,cn=config
-cn: module
-objectClass: olcModuleList
-objectClass: top
-olcModulePath: /usr/lib/ldap
-olcModuleLoad: refint.la
-
-dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
-objectClass: olcConfig
-objectClass: olcOverlayConfig
-objectClass: olcRefintConfig
-objectClass: top
-olcOverlay: {1}refint
-olcRefintAttribute: memberof member manager owner
diff --git a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/2_users.ldif b/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/2_users.ldif
deleted file mode 100644
index 1ee592dc7a0..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/2_users.ldif
+++ /dev/null
@@ -1,20 +0,0 @@
-# ldap-admin
-dn: cn=ldap-admin,ou=users,dc=grafana,dc=org
-mail: ldap-admin@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-admin
-cn: ldap-admin
-
-dn: cn=ldap-torkel,ou=users,dc=grafana,dc=org
-mail: ldap-torkel@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-torkel
-cn: ldap-torkel
diff --git a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/3_groups.ldif b/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/3_groups.ldif
deleted file mode 100644
index f7285f8a9c3..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/3_groups.ldif
+++ /dev/null
@@ -1,6 +0,0 @@
-dn: cn=admins,ou=groups,dc=grafana,dc=org
-cn: admins
-objectClass: groupOfNames
-objectClass: top
-member: cn=ldap-admin,ou=users,dc=grafana,dc=org
-member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
diff --git a/devenv/docker/blocks/auth/openldap-multiple/docker-compose.yaml b/devenv/docker/blocks/auth/openldap-multiple/docker-compose.yaml
index 681d8e06473..6f43c3ca4a2 100644
--- a/devenv/docker/blocks/auth/openldap-multiple/docker-compose.yaml
+++ b/devenv/docker/blocks/auth/openldap-multiple/docker-compose.yaml
@@ -1,23 +1,31 @@
- admins-openldap:
- build:
- context: docker/blocks/auth/openldap-multiple
- dockerfile: ./admins-ldap-server.Dockerfile
+ srv1-openldap:
+ container_name: srv1-ldap
+ image: osixia/openldap
 environment:
- SLAPD_PASSWORD: grafana
- SLAPD_DOMAIN: grafana.org
- SLAPD_ADDITIONAL_MODULES: memberof
+ LDAP_ORGANISATION: grafana
+ LDAP_DOMAIN: srv1-grafana.org
+ LDAP_ADMIN_PASSWORD: grafana
+ LDAP_SEED_INTERNAL_LDIF_PATH: /tmp/smt/
 ports:
- - "389:389"
+ - 389:389
+ - 636:636
+ restart: unless-stopped
+ volumes:
+ - ./docker/blocks/auth/openldap-multiple/srv1_prepopulate/:/tmp/smt/
- openldap:
- build:
- context: docker/blocks/auth/openldap-multiple
- dockerfile: ./ldap-server.Dockerfile
+ srv2-openldap:
+ container_name: srv2-ldap
+ image: osixia/openldap
 environment:
- SLAPD_PASSWORD: grafana
- SLAPD_DOMAIN: grafana.org
- SLAPD_ADDITIONAL_MODULES: memberof
+ LDAP_ORGANISATION: grafana
+ LDAP_DOMAIN: srv2-grafana.org
+ LDAP_ADMIN_PASSWORD: grafana
+ LDAP_SEED_INTERNAL_LDIF_PATH: /tmp/smt/
 ports:
- - "388:389"
+ - 1389:389
+ - 1636:636
+ restart: unless-stopped
+ volumes:
+ - ./docker/blocks/auth/openldap-multiple/srv2_prepopulate/:/tmp/smt/
diff --git a/devenv/docker/blocks/auth/openldap-multiple/entrypoint.sh b/devenv/docker/blocks/auth/openldap-multiple/entrypoint.sh
deleted file mode 100755
index 04eaefad5c2..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/entrypoint.sh
+++ /dev/null
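Review bot: Both new `image: osixia/openldap` lines carry no tag, so every `make devenv` pulls whatever `latest` resolves to at that moment and the fixture can change underneath the tests; pin a specific tag (and a digest if you want the block reproducible) on both services. The published mappings `389:389`, `636:636`, `1389:389` and `1636:636` bind on all host interfaces while `LDAP_ADMIN_PASSWORD: grafana` and the seeded `userPassword: grafana` accounts are public in this repository, and `restart: unless-stopped` keeps both directories listening across reboots; binding to loopback, e.g. `- 127.0.0.1:389:389`, keeps the dev directories off the LAN without affecting the `host = "127.0.0.1"` entries in ldap_dev.toml. Writing the mappings as strings (`"389:389"`), as the removed lines did, also follows the Compose documentation's recommendation for port values. Note that the README added by this patch still describes `./prepopulate` and `./modules` folders, which no longer matches the `srv1_prepopulate`/`srv2_prepopulate` mounts declared here.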
@@ -1,98 +0,0 @@
-#!/bin/bash
-
-# When not limiting the open file descriptors limit, the memory consumption of
-# slapd is absurdly high. See https://github.com/docker/docker/issues/8231
-ulimit -n 8192
-
-
-set -e
-
-chown -R openldap:openldap /var/lib/ldap/
-
-if [[ ! -d /etc/ldap/slapd.d ]]; then
-
- if [[ -z "$SLAPD_PASSWORD" ]]; then
- echo -n >&2 "Error: Container not configured and SLAPD_PASSWORD not set. "
- echo >&2 "Did you forget to add -e SLAPD_PASSWORD=... ?"
- exit 1
- fi
-
- if [[ -z "$SLAPD_DOMAIN" ]]; then
- echo -n >&2 "Error: Container not configured and SLAPD_DOMAIN not set. "
- echo >&2 "Did you forget to add -e SLAPD_DOMAIN=... ?"
- exit 1
- fi
-
- SLAPD_ORGANIZATION="${SLAPD_ORGANIZATION:-${SLAPD_DOMAIN}}"
-
- cp -a /etc/ldap.dist/* /etc/ldap
-
- cat <<-EOF | debconf-set-selections
- slapd slapd/no_configuration boolean false
- slapd slapd/password1 password $SLAPD_PASSWORD
- slapd slapd/password2 password $SLAPD_PASSWORD
- slapd shared/organization string $SLAPD_ORGANIZATION
- slapd slapd/domain string $SLAPD_DOMAIN
- slapd slapd/backend select HDB
- slapd slapd/allow_ldap_v2 boolean false
- slapd slapd/purge_database boolean false
- slapd slapd/move_old_database boolean true
-EOF
-
- dpkg-reconfigure -f noninteractive slapd >/dev/null 2>&1
-
- dc_string=""
-
- IFS="."; declare -a dc_parts=($SLAPD_DOMAIN)
-
- for dc_part in "${dc_parts[@]}"; do
- dc_string="$dc_string,dc=$dc_part"
- done
-
- base_string="BASE ${dc_string:1}"
-
- sed -i "s/^#BASE.*/${base_string}/g" /etc/ldap/ldap.conf
-
- if [[ -n "$SLAPD_CONFIG_PASSWORD" ]]; then
- password_hash=`slappasswd -s "${SLAPD_CONFIG_PASSWORD}"`
-
- sed_safe_password_hash=${password_hash//\//\\\/}
-
- slapcat -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif
- sed -i "s/\(olcRootDN: cn=admin,cn=config\)/\1\nolcRootPW: ${sed_safe_password_hash}/g" /tmp/config.ldif
- rm -rf /etc/ldap/slapd.d/*
- slapadd -n0 -F /etc/ldap/slapd.d -l /tmp/config.ldif >/dev/null 2>&1
- fi
-
- if [[ -n "$SLAPD_ADDITIONAL_SCHEMAS" ]]; then
- IFS=","; declare -a schemas=($SLAPD_ADDITIONAL_SCHEMAS); unset IFS
-
- for schema in "${schemas[@]}"; do
- slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/schema/${schema}.ldif" >/dev/null 2>&1
- done
- fi
-
- if [[ -n "$SLAPD_ADDITIONAL_MODULES" ]]; then
- IFS=","; declare -a modules=($SLAPD_ADDITIONAL_MODULES); unset IFS
-
- for module in "${modules[@]}"; do
- echo "Adding module ${module}"
- slapadd -n0 -F /etc/ldap/slapd.d -l "/etc/ldap/modules/${module}.ldif" >/dev/null 2>&1
- done
- fi
-
- # This needs to run in background
- # Will prepopulate entries after ldap daemon has started
- ./prepopulate.sh &
-
- chown -R openldap:openldap /etc/ldap/slapd.d/ /var/lib/ldap/ /var/run/slapd/
-else
- slapd_configs_in_env=`env | grep 'SLAPD_'`
-
- if [ -n "${slapd_configs_in_env:+x}" ]; then
- echo "Info: Container already configured, therefore ignoring SLAPD_xxx environment variables"
- fi
-fi
-
-exec "$@"
-
diff --git a/devenv/docker/blocks/auth/openldap-multiple/ldap-server.Dockerfile b/devenv/docker/blocks/auth/openldap-multiple/ldap-server.Dockerfile
deleted file mode 100644
index 7604d1118a3..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/ldap-server.Dockerfile
+++ /dev/null
@@ -1,30 +0,0 @@
-# Fork of https://github.com/dinkel/docker-openldap
-
-FROM debian:jessie
-
-LABEL maintainer="Grafana team "
-
-ENV OPENLDAP_VERSION 2.4.40
-
-RUN apt-get update && \
- DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
- slapd=${OPENLDAP_VERSION}* \
- ldap-utils && \
- apt-get clean && \
- rm -rf /var/lib/apt/lists/*
-
-RUN mv /etc/ldap /etc/ldap.dist
-
-EXPOSE 389
-
-VOLUME ["/etc/ldap", "/var/lib/ldap"]
-
-COPY ldap-server/modules/ /etc/ldap.dist/modules
-COPY ldap-server/prepopulate/ /etc/ldap.dist/prepopulate
-
-COPY ./entrypoint.sh /entrypoint.sh
-COPY ./prepopulate.sh /prepopulate.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
-
-CMD ["slapd", "-d", "32768", "-u", "openldap", "-g", "openldap"]
diff --git a/devenv/docker/blocks/auth/openldap-multiple/ldap-server/modules/memberof.ldif b/devenv/docker/blocks/auth/openldap-multiple/ldap-server/modules/memberof.ldif
deleted file mode 100644
index fd9cce957c3..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/ldap-server/modules/memberof.ldif
+++ /dev/null
@@ -1,33 +0,0 @@
-dn: cn=module,cn=config
-cn: module
-objectClass: olcModuleList
-objectClass: top
-olcModulePath: /usr/lib/ldap
-olcModuleLoad: memberof.la
-
-dn: olcOverlay={0}memberof,olcDatabase={1}hdb,cn=config
-objectClass: olcConfig
-objectClass: olcMemberOf
-objectClass: olcOverlayConfig
-objectClass: top
-olcOverlay: memberof
-olcMemberOfDangling: ignore
-olcMemberOfRefInt: TRUE
-olcMemberOfGroupOC: groupOfNames
-olcMemberOfMemberAD: member
-olcMemberOfMemberOfAD: memberOf
-
-dn: cn=module,cn=config
-cn: module
-objectClass: olcModuleList
-objectClass: top
-olcModulePath: /usr/lib/ldap
-olcModuleLoad: refint.la
-
-dn: olcOverlay={1}refint,olcDatabase={1}hdb,cn=config
-objectClass: olcConfig
-objectClass: olcOverlayConfig
-objectClass: olcRefintConfig
-objectClass: top
-olcOverlay: {1}refint
-olcRefintAttribute: memberof member manager owner
diff --git a/devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/2_users.ldif b/devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/2_users.ldif
deleted file mode 100644
index 8e1dfbf603a..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/2_users.ldif
+++ /dev/null
@@ -1,59 +0,0 @@
-dn: cn=ldap-editor,ou=users,dc=grafana,dc=org
-mail: ldap-editor@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-editor
-cn: ldap-editor
-
-dn: cn=ldap-viewer,ou=users,dc=grafana,dc=org
-mail: ldap-viewer@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-viewer
-cn: ldap-viewer
-
-dn: cn=ldap-carl,ou=users,dc=grafana,dc=org
-mail: ldap-carl@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-carl
-cn: ldap-carl
-
-dn: cn=ldap-daniel,ou=users,dc=grafana,dc=org
-mail: ldap-daniel@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-daniel
-cn: ldap-daniel
-
-dn: cn=ldap-leo,ou=users,dc=grafana,dc=org
-mail: ldap-leo@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-leo
-cn: ldap-leo
-
-dn: cn=ldap-tobias,ou=users,dc=grafana,dc=org
-mail: ldap-tobias@grafana.com
-userPassword: grafana
-objectClass: person
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-sn: ldap-tobias
-cn: ldap-tobias
diff --git a/devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/3_groups.ldif b/devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/3_groups.ldif
deleted file mode 100644
index 8d55eaaa707..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/3_groups.ldif
+++ /dev/null
@@ -1,23 +0,0 @@
-dn: cn=admins,ou=groups,dc=grafana,dc=org
-cn: admins
-objectClass: groupOfNames
-objectClass: top
-
-dn: cn=editors,ou=groups,dc=grafana,dc=org
-cn: editors
-objectClass: groupOfNames
-member: cn=ldap-editor,ou=users,dc=grafana,dc=org
-
-dn: cn=backend,ou=groups,dc=grafana,dc=org
-cn: backend
-objectClass: groupOfNames
-member: cn=ldap-carl,ou=users,dc=grafana,dc=org
-member: cn=ldap-leo,ou=users,dc=grafana,dc=org
-member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
-
-dn: cn=frontend,ou=groups,dc=grafana,dc=org
-cn: frontend
-objectClass: groupOfNames
-member: cn=ldap-torkel,ou=users,dc=grafana,dc=org
-member: cn=ldap-daniel,ou=users,dc=grafana,dc=org
-member: cn=ldap-leo,ou=users,dc=grafana,dc=org
diff --git a/devenv/docker/blocks/auth/openldap-multiple/ldap_dev.toml b/devenv/docker/blocks/auth/openldap-multiple/ldap_dev.toml
index c4c2516694f..5348989fc90 100644
--- a/devenv/docker/blocks/auth/openldap-multiple/ldap_dev.toml
+++ b/devenv/docker/blocks/auth/openldap-multiple/ldap_dev.toml
@@ -4,18 +4,21 @@
 # For the verbose comments options see "openldap" env block
-# --- First LDAP Server (only admins) ---
-
+# --- First LDAP Server ---
 [[servers]]
 host = "127.0.0.1"
 port = 389
 use_ssl = false
 start_tls = false
+tls_ciphers = []
+min_tls_version = ""
 ssl_skip_verify = false
-bind_dn = "cn=admin,dc=grafana,dc=org"
+
+timeout = 10
+bind_dn = "cn=admin,dc=srv1-grafana,dc=org"
 bind_password = 'grafana'
 search_filter = "(cn=%s)"
-search_base_dns = ["ou=users,dc=grafana,dc=org"]
+search_base_dns = ["dc=srv1-grafana,dc=org"]
 [servers.attributes]
 name = "givenName"
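Review bot: `search_base_dns = ["dc=srv1-grafana,dc=org"]` widens the user search from `ou=users` to the whole suffix while `search_filter = "(cn=%s)"` puts no object-class restriction on the match, so a login name such as `admins` or `editors` now resolves to the group entries under `ou=groups`, and, if the osixia image materialises its `cn=admin` root entry inside the directory (it appears to, but verify), a login as `admin` with the compose-file password would bind and be mapped to Viewer by the `group_dn = "*"` rule. Restoring the scope with `search_base_dns = ["ou=users,dc=srv1-grafana,dc=org"]` matches the layout seeded by `srv1_prepopulate/1_units.ldif`; the second server block in the next hunk has the same widening. If the suffix-wide base is deliberate (e.g. to exercise multi-OU search), a comment above the line saying so would stop the next reader from narrowing it back.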
@@ -24,36 +27,53 @@ username = "cn"
 member_of = "memberOf"
 email = "email"
+# Map ldap groups to grafana org roles
 [[servers.group_mappings]]
-group_dn = "cn=admins,ou=groups,dc=grafana,dc=org"
+group_dn = "cn=admins,ou=groups,dc=srv1-grafana,dc=org"
 org_role = "Admin"
-grafana_admin = true
-
-# --- Second LDAP Server (rest of the users) ---
-
-[[servers]]
-host = "127.0.0.1"
-port = 388
-use_ssl = false
-start_tls = false
-ssl_skip_verify = false
-
-bind_dn = "cn=admin,dc=grafana,dc=org"
-bind_password = 'grafana'
-search_filter = "(cn=%s)"
-search_base_dns = ["ou=users,dc=grafana,dc=org"]
-
-[servers.attributes]
-name = "givenName"
-surname = "sn"
-username = "cn"
-member_of = "memberOf"
-email = "email"
 [[servers.group_mappings]]
-group_dn = "cn=editors,ou=groups,dc=grafana,dc=org"
+group_dn = "cn=editors,ou=groups,dc=srv1-grafana,dc=org"
 org_role = "Editor"
 [[servers.group_mappings]]
 group_dn = "*"
 org_role = "Viewer"
+
+
+# --- Second LDAP Server ---
+
+[[servers]]
+host = "127.0.0.1"
+port = 1389
+use_ssl = false
+start_tls = false
+tls_ciphers = []
+min_tls_version = ""
+ssl_skip_verify = false
+
+timeout = 10
+bind_dn = "cn=admin,dc=srv2-grafana,dc=org"
+bind_password = 'grafana'
+search_filter = "(cn=%s)"
+search_base_dns = ["dc=srv2-grafana,dc=org"]
+
+[servers.attributes]
+name = "givenName"
+surname = "sn"
+username = "cn"
+member_of = "memberOf"
+email = "email"
+
+# Map ldap groups to grafana org roles
+[[servers.group_mappings]]
+group_dn = "cn=admins,ou=groups,dc=srv2-grafana,dc=org"
+org_role = "Admin"
+
+[[servers.group_mappings]]
+group_dn = "cn=editors,ou=groups,dc=srv2-grafana,dc=org"
+org_role = "Editor"
+
+[[servers.group_mappings]]
+group_dn = "*"
+org_role = "Viewer"
\ No newline at end of file
diff --git a/devenv/docker/blocks/auth/openldap-multiple/notes.md b/devenv/docker/blocks/auth/openldap-multiple/notes.md
deleted file mode 100644
index 1fcbfa013db..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/notes.md
+++ /dev/null
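Review bot: The first server's admins mapping keeps `org_role = "Admin"` but the removed `grafana_admin = true` is not carried over, and the new second-server `admins` mapping does not set it either, so `ldap-admin-srv1`/`ldap-admin-srv2` become organisation Admins without Grafana server-admin rights; if that is intended, a comment such as `# org Admin only; add grafana_admin = true to exercise server-admin sync` under each `org_role = "Admin"` would record it, otherwise restore the line. With `group_dn = "*"` present on both servers, any account that can bind on either directory is also an org Viewer, which matches the README's "no groups" users but is worth stating in the file header. The file now ends without a trailing newline (`\ No newline at end of file`); adding one keeps future diffs clean.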
@@ -1,38 +0,0 @@
-# Notes on Multiple OpenLdap Docker Block
-
-This is very similar to openldap docker block, but it creates multiple ldap servers instead of one.
-
-Any ldif files added to the prepopulate subdirectory will be automatically imported into the OpenLdap database.
-
-"admins-ldap-server" block contains admin group and admin users. The "ldap-server" block has all the rest of the users. See below for the full list of users.
-
-This blocks are here to help with testing multiple LDAP servers, for any other LDAP related development and testing "openldap" block should be used.
-
-## Enabling LDAP in Grafana
-
-Copy the ldap_dev.toml file in this folder into your `conf` folder (it is gitignored already). To enable it in the .ini file to get Grafana to use this block:
-
-```ini
-[auth.ldap]
-enabled = true
-config_file = conf/ldap_dev.toml
-; allow_sign_up = true
-```
-
-## Groups & Users
-
-admins
- ldap-admin
- ldap-torkel
-backend
- ldap-carl
- ldap-torkel
- ldap-leo
-frontend
- ldap-torkel
- ldap-tobias
- ldap-daniel
-editors
- ldap-editor
-no groups
- ldap-viewer
diff --git a/devenv/docker/blocks/auth/openldap-multiple/prepopulate.sh b/devenv/docker/blocks/auth/openldap-multiple/prepopulate.sh
deleted file mode 100755
index aa11f8aba4f..00000000000
--- a/devenv/docker/blocks/auth/openldap-multiple/prepopulate.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-echo "Pre-populating ldap entries, first waiting for ldap to start"
-
-sleep 3
-
-adminUserDn="cn=admin,dc=grafana,dc=org"
-adminPassword="grafana"
-
-for file in `ls /etc/ldap/prepopulate/*.ldif`; do
- ldapadd -x -D $adminUserDn -w $adminPassword -f "$file"
-done
-
-
diff --git a/devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/1_units.ldif b/devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/1_units.ldif
similarity index 62%
rename from devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/1_units.ldif
rename to devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/1_units.ldif
index 22e06303688..a0512e3787a 100644
--- a/devenv/docker/blocks/auth/openldap-multiple/ldap-server/prepopulate/1_units.ldif
+++ b/devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/1_units.ldif
@@ -1,9 +1,9 @@
-dn: ou=groups,dc=grafana,dc=org
+dn: ou=groups,dc=srv1-grafana,dc=org
 ou: Groups
 objectclass: top
 objectclass: organizationalUnit
-dn: ou=users,dc=grafana,dc=org
+dn: ou=users,dc=srv1-grafana,dc=org
 ou: Users
 objectclass: top
 objectclass: organizationalUnit
diff --git a/devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/2_users.ldif b/devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/2_users.ldif
new file mode 100644
index 00000000000..5da0cbc3dc0
--- /dev/null
+++ b/devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/2_users.ldif
@@ -0,0 +1,30 @@
+# ldap-admin-srv1
+dn: cn=ldap-admin-srv1,ou=users,dc=srv1-grafana,dc=org
+mail: ldap-admin-srv1@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-admin-srv1
+cn: ldap-admin-srv1
+
+dn: cn=ldap-editor-srv1,ou=users,dc=srv1-grafana,dc=org
+mail: ldap-editor-srv1@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-editor-srv1
+cn: ldap-editor-srv1
+
+dn: cn=ldap-viewer-srv1,ou=users,dc=srv1-grafana,dc=org
+mail: ldap-viewer-srv1@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-viewer-srv1
+cn: ldap-viewer-srv1
\ No newline at end of file
diff --git a/devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/3_groups.ldif b/devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/3_groups.ldif
new file mode 100644
index 00000000000..a0864eeb731
--- /dev/null
+++ b/devenv/docker/blocks/auth/openldap-multiple/srv1_prepopulate/3_groups.ldif
@@ -0,0 +1,10 @@
+dn: cn=admins,ou=groups,dc=srv1-grafana,dc=org
+cn: admins
+objectClass: groupOfUniqueNames
+objectClass: top
+uniqueMember: cn=ldap-admin-srv1,ou=users,dc=srv1-grafana,dc=org
+
+dn: cn=editors,ou=groups,dc=srv1-grafana,dc=org
+cn: editors
+objectClass: groupOfUniqueNames
+uniqueMember: cn=ldap-editor-srv1,ou=users,dc=srv1-grafana,dc=org
diff --git a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/1_units.ldif b/devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/1_units.ldif
similarity index 62%
rename from devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/1_units.ldif
rename to devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/1_units.ldif
index 22e06303688..7305e8b6618 100644
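Review bot: In `srv1_prepopulate/3_groups.ldif` the `cn=editors` entry lists only `objectClass: groupOfUniqueNames` while `cn=admins` also carries `objectClass: top`; both forms load in practice, but the two entries in one seed file should be written the same way, so add `objectClass: top` to `cn=editors` (the srv2 groups file has the same asymmetry). The switch from `groupOfNames`/`member` to `groupOfUniqueNames`/`uniqueMember` presumably tracks the memberOf overlay configuration of the `osixia/openldap` image now used by the compose file; a one-line comment at the top of the file recording that dependency would help whoever swaps images next. `srv1_prepopulate/2_users.ldif` also ends without a trailing newline.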
--- a/devenv/docker/blocks/auth/openldap-multiple/admins-ldap-server/prepopulate/1_units.ldif
+++ b/devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/1_units.ldif
@@ -1,9 +1,9 @@
-dn: ou=groups,dc=grafana,dc=org
+dn: ou=groups,dc=srv2-grafana,dc=org
 ou: Groups
 objectclass: top
 objectclass: organizationalUnit
-dn: ou=users,dc=grafana,dc=org
+dn: ou=users,dc=srv2-grafana,dc=org
 ou: Users
 objectclass: top
 objectclass: organizationalUnit
diff --git a/devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/2_users.ldif b/devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/2_users.ldif
new file mode 100644
index 00000000000..5488628f064
--- /dev/null
+++ b/devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/2_users.ldif
@@ -0,0 +1,30 @@
+# ldap-admin-srv2
+dn: cn=ldap-admin-srv2-srv2,ou=users,dc=srv2-grafana,dc=org
+mail: ldap-admin-srv2@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-admin-srv2
+cn: ldap-admin-srv2
+
+dn: cn=ldap-editor-srv2,ou=users,dc=srv2-grafana,dc=org
+mail: ldap-editor-srv2@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-editor-srv2
+cn: ldap-editor-srv2
+
+dn: cn=ldap-viewer-srv2,ou=users,dc=srv2-grafana,dc=org
+mail: ldap-viewer-srv2@grafana.com
+userPassword: grafana
+objectClass: person
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+sn: ldap-viewer-srv2
+cn: ldap-viewer-srv2
\ No newline at end of file
diff --git a/devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/3_groups.ldif b/devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/3_groups.ldif
new file mode 100644
index 00000000000..64d0cb65733
--- /dev/null
+++ b/devenv/docker/blocks/auth/openldap-multiple/srv2_prepopulate/3_groups.ldif
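Review bot: The first entry in `srv2_prepopulate/2_users.ldif` is named `dn: cn=ldap-admin-srv2-srv2,ou=users,dc=srv2-grafana,dc=org` but its attributes say `cn: ldap-admin-srv2`, so the RDN value is not present in the entry; slapd normally rejects that as a naming violation, and even if the seed were accepted, `uniqueMember: cn=ldap-admin-srv2,ou=users,dc=srv2-grafana,dc=org` in the srv2 `3_groups.ldif` and the `ldap-admin-srv2` user listed in the README would point at a DN that does not exist, leaving the second server with no working admin. Change the line to `dn: cn=ldap-admin-srv2,ou=users,dc=srv2-grafana,dc=org` to match the srv1 file. The file also ends without a trailing newline.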
@@ -0,0 +1,10 @@
+dn: cn=admins,ou=groups,dc=srv2-grafana,dc=org
+cn: admins
+objectClass: groupOfUniqueNames
+objectClass: top
+uniqueMember: cn=ldap-admin-srv2,ou=users,dc=srv2-grafana,dc=org
+
+dn: cn=editors,ou=groups,dc=srv2-grafana,dc=org
+cn: editors
+objectClass: groupOfUniqueNames
+uniqueMember: cn=ldap-editor-srv2,ou=users,dc=srv2-grafana,dc=org