Revision d9ab4c1f-d931-4d4f-9699-db6c70474736

I don’t think you can do any better than retrieving each member user’s information:

```lang-sh
groupinfo="$(getent group xyz)"
groupinfo="${groupinfo#*:*:}"
gid="${groupinfo%%:*}"
members="${groupinfo##*:}"
(IFS=,; set -f; for member in $members; do
 getent passwd $member | grep -E "([^:]+:){3}$gid:"
 done)
```

If your LDAP server allows you to enumerate all users with `getent passwd`, you could parse that instead after determining the gid:

```lang-sh
groupinfo="$(getent group xyz)"
groupinfo="${groupinfo#*:*:}"
gid="${groupinfo%%:*}"
getent passwd | grep -E "([^:]+:){3}$gid:"
```