Only one local user needs access? Can it be owned by apache and writeable by the LDAP group?
Filesystem ACLs let you specify two groups, will that work?
Intentionally creating a GID collision at the scope of the local machine does not appear to have solved your problem, so I'd undo that right away.
It's probably going to be more than one user. I'm thinking ACLs might be the way to go.
Jacob
sssd-users@lists.fedorahosted.org