LXD allows non-privileged users to run lxc commands. You can do that by specifying the daemon.user.group.
However, when I try that with a group from FreeIPA/SSSD it doesn’t work. There is no error message, but the file /var/snap/lxd/common/lxd-user/unix.socket remains owned by root.lxd. It only works with a group that is present in /etc/group.