Voir :
The nscd Apparmor profile is not prepared for that and needs some additional capabilities added.
Necessary changes are:
server-user nobody
capability setgid,
capability setuid,
After adding these lines, restart Apparmor and subsequently nscd
source : https://www.suse.com/fr-fr/support/kb/doc/?id=000017971