diff --git a/Dockerfile.fedora-rawhide b/Dockerfile.fedora-rawhide
index 9e9d720d..40f40d93 100644
--- a/Dockerfile.fedora-rawhide
+++ b/Dockerfile.fedora-rawhide
@@ -19,6 +19,11 @@ RUN dnf upgrade -y --setopt=install_weak_deps=False \
 # var-lib-nfs-rpc_pipefs.mount would run (and fail) nondeterministically
 RUN systemctl mask rpc-gssd.service
 
+RUN mkdir /usr/lib/systemd/system/sssd.service.d
+# Workaround https://bugzilla.redhat.com/show_bug.cgi?id=2334087
+RUN ( echo '[Service]' ; sed '/^CapabilityBoundingSet=/!d; s/CAP_DAC_READ_SEARCH/& CAP_DAC_OVERRIDE/' /usr/lib/systemd/system/sssd.service ) > /usr/lib/systemd/system/sssd.service.d/capabilities.conf
+RUN setcap cap_dac_override+ep /usr/libexec/sssd/ldap_child
+
 # Container image which runs systemd
 # debug: RUN test -f /etc/machine-id && ! test -s /etc/machine-id
 # debug: RUN test "$container" = oci
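Review bot: `setcap cap_dac_override+ep` on `/usr/libexec/sssd/ldap_child` replaces the file's whole capability set rather than adding to it, and the `e` flag raises CAP_DAC_OVERRIDE for every process that is able to execute the helper, so this line reaches further than the unit drop-in beside it and has no comment tying it to the bugzilla workaround. If the package already ships file capabilities on ldap_child (not visible in this hunk), list them together in the one `setcap` call, and put a comment such as `# Workaround for rhbz#2334087: remove together with the drop-in once fixed` above it. The `sed` line also succeeds silently when the `CapabilityBoundingSet=` line no longer contains CAP_DAC_READ_SEARCH, leaving a drop-in that holds only `[Service]`; appending `&& grep -q CAP_DAC_OVERRIDE /usr/lib/systemd/system/sssd.service.d/capabilities.conf` to that `RUN` would fail the build instead of shipping a no-op.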