diff --git a/tests/setup/Dockerfile b/tests/setup/Dockerfile index e2071121..fa46d8e7 100644 --- a/tests/setup/Dockerfile +++ b/tests/setup/Dockerfile @@ -3,11 +3,8 @@ FROM lldap/lldap:2025-05-19 WORKDIR /app -RUN curl -o /bin/lldap-cli https://raw.githubusercontent.com/Zepmann/lldap-cli/e383494b4dd89ae4e028958b268e200fd85a7a64/lldap-cli - COPY seed-lldap.sh . -RUN chmod +x ./seed-lldap.sh /bin/lldap-cli +RUN chmod +x ./seed-lldap.sh RUN cp lldap_set_password /bin ENTRYPOINT /docker-entrypoint.sh run --config-file /data/lldap_config.toml & ./seed-lldap.sh && wait - diff --git a/tests/setup/seed-lldap.sh b/tests/setup/seed-lldap.sh index f30773e9..34ae470f 100644 --- a/tests/setup/seed-lldap.sh +++ b/tests/setup/seed-lldap.sh 
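Review bot: Nothing visible in this Dockerfile establishes that `jq` is present in `lldap/lldap:2025-05-19`, yet the rewritten seed-lldap.sh now pipes every request and response through it. `curl` was evidently available, since the removed `RUN curl` used it, and the base image may well ship `jq` too, but the dependency is implicit and a missing binary would only surface when the container starts and the seed script aborts. A build-time check such as `RUN command -v jq >/dev/null && command -v curl >/dev/null` would fail the image build instead. As a smaller style point, where BuildKit is in use the `RUN chmod +x ./seed-lldap.sh` layer can be folded into the copy as `COPY --chmod=755 seed-lldap.sh .`.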
@@ -1,87 +1,202 @@ #!/bin/sh -set -e +set -eu + +LLDAP_HTTP_URL="http://localhost:17170" +LLDAP_ADMIN_USERNAME="admin" +LLDAP_ADMIN_PASSWORD="admin_password" +LLDAP_TOKEN="" + +login() { + response="$( + jq -n \ + --arg username "$LLDAP_ADMIN_USERNAME" \ + --arg password "$LLDAP_ADMIN_PASSWORD" \ + '{username: $username, password: $password}' | + curl -fsS \ + -X POST \ + -H 'Content-Type: application/json' \ + --data-binary @- \ + "$LLDAP_HTTP_URL/auth/simple/login" + )" + + LLDAP_TOKEN="$(printf '%s' "$response" | jq -r '.token // empty')" + if [ -z "$LLDAP_TOKEN" ]; then + echo "Failed to authenticate to LLDAP" >&2 + exit 1 + fi +} + +graphql() { + query="$1" + if [ "$#" -ge 2 ]; then + variables="$2" + else + variables="{}" + fi + + response="$( + jq -cn \ + --arg query "$query" \ + --argjson variables "$variables" \ + '{query: $query, variables: $variables}' | + curl -fsS \ + -H 'Content-Type: application/json' \ + -H "Authorization: Bearer $LLDAP_TOKEN" \ + --data-binary @- \ + "$LLDAP_HTTP_URL/api/graphql" + )" + + errors="$(printf '%s' "$response" | jq -r '.errors[]?.message')" + if [ -n "$errors" ]; then + echo "$errors" >&2 + return 1 + fi + + printf '%s\n' "$response" +} + +user_exists() { + response="$(graphql '{users{id}}' '{}')" + printf '%s' "$response" | jq -e --arg id "$1" '.data.users[]? 
| select(.id == $id)' >/dev/null +} + +create_user() { + id="$1" + email="$2" + display_name="$3" + first_name="$4" + last_name="$5" + password="$6" + + variables="$( + jq -cn \ + --arg id "$id" \ + --arg email "$email" \ + --arg displayName "$display_name" \ + --arg firstName "$first_name" \ + --arg lastName "$last_name" \ + '{user: {id: $id, email: $email, displayName: $displayName, firstName: $firstName, lastName: $lastName, avatar: ""}}' + )" + + graphql 'mutation createUser($user:CreateUserInput!){createUser(user:$user){id}}' "$variables" >/dev/null + lldap_set_password -b "$LLDAP_HTTP_URL" --token="$LLDAP_TOKEN" -u "$id" -p "$password" + echo "Created user: $id" +} + +create_group() { + name="$1" + variables="$(jq -cn --arg name "$name" '{group: $name}')" + + graphql 'mutation createGroup($group:String!){createGroup(name:$group){id}}' "$variables" >/dev/null + echo "Created group: $name" +} + +get_group_id() { + name="$1" + response="$(graphql '{groups{id displayName}}' '{}')" + group_id="$(printf '%s' "$response" | jq -r --arg name "$name" '.data.groups[]? 
| select(.displayName == $name) | .id' | head -n 1)" + + if [ -z "$group_id" ]; then + echo "Failed to retrieve group ID for group: $name" >&2 + return 1 + fi + + printf '%s\n' "$group_id" +} + +update_group_display_name() { + name="$1" + display_name="$2" + group_id="$(get_group_id "$name")" + variables="$( + jq -cn \ + --argjson id "$group_id" \ + --arg displayName "$display_name" \ + '{group: {id: $id, insertAttributes: {name: "display_name", value: $displayName}}}' + )" + + graphql 'mutation updateGroup($group:UpdateGroupInput!){updateGroup(group:$group){ok}}' "$variables" >/dev/null + echo "Attribute set for group: $name, attribute: display_name, value: $display_name" +} + +add_user_to_group() { + user_id="$1" + group_name="$2" + group_id="$(get_group_id "$group_name")" + variables="$( + jq -cn \ + --arg userId "$user_id" \ + --argjson groupId "$group_id" \ + '{userId: $userId, groupId: $groupId}' + )" + + graphql 'mutation addUserToGroup($userId:String!,$groupId:Int!){addUserToGroup(userId:$userId,groupId:$groupId){ok}}' "$variables" >/dev/null +} + +add_user_to_group_with_retry() { + user_id="$1" + group_name="$2" + i=1 + + while [ "$i" -le 3 ]; do + echo "Attempt $i to add $user_id to $group_name" + if add_user_to_group "$user_id" "$group_name"; then + echo "Successfully added $user_id to $group_name" + return 0 + fi + + if [ "$i" -eq 3 ]; then + echo "Warning: Could not add $user_id to $group_name after 3 attempts" + return 0 + fi + + echo "Failed to add $user_id to $group_name, retrying in 2 seconds..." + sleep 2 + i=$((i + 1)) + done +} # Wait for LLDAP to start -for i in {1..15}; do - if curl -s --fail http://localhost:17170/api/healthcheck >/dev/null; then +i=1 +while [ "$i" -le 15 ]; do + if curl -s --fail "$LLDAP_HTTP_URL/api/healthcheck" >/dev/null; then echo "LLDAP is ready" break fi - if [ $i -eq 15 ]; then + if [ "$i" -eq 15 ]; then echo "LLDAP failed to start in time" exit 1 fi echo "Waiting for LLDAP... 
($i/15)" sleep 3 + i=$((i + 1)) done -# Configure LLDAP CLI connection via environment variables -export LLDAP_HTTPURL="http://localhost:17170" -export LLDAP_USERNAME="admin" -export LLDAP_PASSWORD="admin_password" +login echo "Checking if data is already seeded..." -if lldap-cli user list | grep -q "testuser1"; then +if user_exists "testuser1"; then echo "Data already seeded, skipping setup." exit 0 fi echo "Setting up LLDAP test data..." -# Create test users using the user add command echo "Creating test users..." -lldap-cli user add "testuser1" "testuser1@pocket-id.org" \ - -p "password123" \ - -d "Test User 1" \ - -f "Test" \ - -l "User" +create_user "testuser1" "testuser1@pocket-id.org" "Test User 1" "Test" "User" "password123" +create_user "testuser2" "testuser2@pocket-id.org" "Test User 2" "Test2" "User2" "password123" -lldap-cli user add "testuser2" "testuser2@pocket-id.org" \ - -p "password123" \ - -d "Test User 2" \ - -f "Test2" \ - -l "User2" - -# Create test groups echo "Creating test groups..." -lldap-cli group add "test_group" +create_group "test_group" sleep 1 -lldap-cli group update set "test_group" "display_name" "test_group" +update_group_display_name "test_group" "test_group" -lldap-cli group add "admin_group" +create_group "admin_group" sleep 1 -lldap-cli group update set "admin_group" "display_name" "admin_group" +update_group_display_name "admin_group" "admin_group" -# Add users to groups with retry logic echo "Adding users to groups..." -for i in {1..3}; do - echo "Attempt $i to add testuser1 to test_group" - if lldap-cli user group add "testuser1" "test_group"; then - echo "Successfully added testuser1 to test_group" - break - else - echo "Failed to add testuser1 to test_group, retrying in 2 seconds..." 
- sleep 2 - fi - - if [ $i -eq 3 ]; then - echo "Warning: Could not add testuser1 to test_group after 3 attempts" - fi -done - -for i in {1..3}; do - echo "Attempt $i to add testuser2 to admin_group" - if lldap-cli user group add "testuser2" "admin_group"; then - echo "Successfully added testuser2 to admin_group" - break - else - echo "Failed to add testuser2 to admin_group, retrying in 2 seconds..." - sleep 2 - fi - - if [ $i -eq 3 ]; then - echo "Warning: Could not add testuser2 to admin_group after 3 attempts" - fi -done +add_user_to_group_with_retry "testuser1" "test_group" +add_user_to_group_with_retry "testuser2" "admin_group" echo "LLDAP test data setup complete"
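Review bot: `set -eu` does not protect the functions that are called as `if` conditions, namely `user_exists` in the already-seeded check and `add_user_to_group` inside `add_user_to_group_with_retry`, because the shell ignores `-e` for everything executed as part of a condition. In that context a failed `curl -fsS` inside `graphql` appears to leave `response` empty, the `.errors[]?.message` filter yields nothing, and the function falls through to its final `printf` and returns 0, so the retry loop would print "Successfully added" on a transport or HTTP failure and never retry. Propagate the failure explicitly: close the `response="$(…)"` assignment in `graphql` with `)" || return 1`, and write `group_id="$(get_group_id "$group_name")" || return 1` in `add_user_to_group`. Separately, `lldap_set_password` receives the bearer token and the password as command-line arguments, which are readable from the container's process list; that is tolerable for fixed test credentials, but a comment such as `# test-only credentials: token and password are passed on argv` would keep the pattern from being copied into non-test tooling.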