
plugin does not work if OpenVPN daemon runs as nobody/nogroup and SSL enabled #86

Open
czstrfr opened this issue Jan 27, 2022 · 1 comment


czstrfr commented Jan 27, 2022

Dear all,

Not sure if this was already discussed somewhere; I couldn't find any hints.
If the plugin is configured to communicate with OpenLDAP using an SSL connection and the OpenVPN daemon runs as user nobody with group nogroup, the communication is somehow broken and I cannot authorise against the OpenLDAP server on port 636.
Running OpenVPN as root solves the problem. Is there any chance to get this fixed, or is there any workaround, please?

Plugin settings:

<LDAP>
    URL             ldaps://ldap.example.lan:636
    BindDN          cn=manager,dc=example,dc=lan
    Password        1StrongPass.
    Timeout         15
    TLSEnable       no
    TLSCACertFile   /usr/local/etc/ssl/ca_cert.pem
    TLSCACertDir    /etc/ssl/certs
    TLSCertFile     /usr/local/etc/ssl/openvpn-node.crt
    TLSKeyFile      /usr/local/etc/ssl/openvpn-node.key
    FollowReferrals no
</LDAP>

OpenVPN server setting:

local 192.168.83.77
port 1194
proto udp4
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.83.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 192.168.83.1"
keepalive 10 120
cipher AES-256-CBC
# user nobody
# group nogroup
persist-key
persist-tun
verb 3
setenv verb 9
crl-verify crl.pem
explicit-exit-notify
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
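
A bind that works as root and fails under `user nobody` / `group nogroup` is the signature of a file that stops being readable after the privilege drop. OpenVPN's `persist-key` only covers its own `ca`/`cert`/`key`/`tls-crypt` material; the plugin's LDAP connection is opened from the server process after it has already switched to the unprivileged identity, so libldap has to open `TLSCACertFile`, `TLSCertFile` and `TLSKeyFile` (and the hash links under `TLSCACertDir`) as nobody:nogroup. The script below is an added diagnostic, not code from openvpn-auth-ldap, OpenVPN or the issue author: it lists the TLS files named in an auth-ldap.conf and reports which ones a given user:group could not read, judging from owner, group and mode bits. The `nobody:nogroup` identity, the sample paths and the constructed config in `demo` are assumptions; whether this is the cause on the reporter's host is not established by the issue.

```shell
#!/bin/sh
# Added diagnostic; not part of openvpn-auth-ldap or OpenVPN.
# Checks that every file named by TLSCACertFile / TLSCertFile / TLSKeyFile
# in an auth-ldap.conf is readable by the identity OpenVPN drops to.
# Only owner/group/mode bits from `ls -ldL` are evaluated (symlinks are
# followed); POSIX ACLs and container uid mappings are not considered.

# ldap_tls_files CONF: print the path given to each TLS*File directive.
ldap_tls_files() {
    # Directive name is column 1, its value column 2; commented lines
    # start with '#' and therefore never match.
    awk '$1 ~ /^TLS(CACert|Cert|Key)File$/ { print $2 }' "$1"
}

# can_read_as PATH USER GROUP: succeed if USER (a member of GROUP) could
# read PATH. Exit status 2 marks a missing file, a separate failure.
can_read_as() {
    path=$1; user=$2; group=$3
    [ -e "$path" ] || return 2
    set -- $(ls -ldL "$path")             # perms links owner group size ...
    perms=$1; owner=$3; grp=$4
    if [ "$owner" = "$user" ]; then       # owner triplet: chars 2-4
        bits=$(printf '%s' "$perms" | cut -c2)
    elif [ "$grp" = "$group" ]; then      # group triplet: chars 5-7
        bits=$(printf '%s' "$perms" | cut -c5)
    else                                  # world triplet: chars 8-10
        bits=$(printf '%s' "$perms" | cut -c8)
    fi
    [ "$bits" = "r" ]
}

# check_ldap_tls_access CONF [USER] [GROUP]: report each TLS file and
# return 0 only if all of them are readable by USER:GROUP.
check_ldap_tls_access() {
    conf=$1; user=${2:-nobody}; group=${3:-nogroup}
    rc=0
    for f in $(ldap_tls_files "$conf"); do
        if can_read_as "$f" "$user" "$group"; then
            echo "ok       $user:$group can read $f"
        else
            perms=$(ls -ldL "$f" 2>/dev/null | cut -c1-10)
            echo "PROBLEM  $user:$group cannot read $f (${perms:-missing})"
            rc=1
        fi
    done
    return $rc
}

# Constructed scenario (assumption, not the reporter's host): CA and client
# cert world-readable, client key created with a typical root-only 0600.
demo() {
    d=$(mktemp -d)
    cat > "$d/auth-ldap.conf" <<EOF
<LDAP>
    URL           ldaps://ldap.example.lan:636
    TLSEnable     no
    TLSCACertFile $d/ca_cert.pem
    TLSCertFile   $d/openvpn-node.crt
    TLSKeyFile    $d/openvpn-node.key
</LDAP>
EOF
    touch "$d/ca_cert.pem" "$d/openvpn-node.crt" "$d/openvpn-node.key"
    chmod 644 "$d/ca_cert.pem" "$d/openvpn-node.crt"
    chmod 600 "$d/openvpn-node.key"
    if check_ldap_tls_access "$d/auth-ldap.conf" nobody nogroup; then
        echo "all TLS files readable after the privilege drop"
    else
        echo "at least one TLS file is unreadable; fix owner/mode before blaming the plugin"
    fi
    rm -rf "$d"
}

demo
```

Run it against the real config with `check_ldap_tls_access /etc/openvpn/auth/auth-ldap.conf nobody nogroup` on the affected host. If the client key is the unreadable file, the least-privilege fix is not `chmod 644` on the key: run OpenVPN under a dedicated account (`user openvpn`, `group openvpn`) and keep the key `0640 root:openvpn`, so that nothing else running as nobody can read it. The same applies to auth-ldap.conf itself, which carries the `Password` for the bind DN and must be readable by the daemon's runtime user but should not be world-readable.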


czstrfr commented Feb 1, 2022

Forgot to mention that this is running inside an unprivileged LXC container; however, I think it doesn't make any difference.
