| | 217 | #### BEGIN LDAP CODE ############################################## |
| | 218 | elif self.config.getbool('ticket','ldap_restrict_owner_by_groups'): |
| | 219 | perm = PermissionSystem(self.env) |
| | 220 | owners = perm.get_users_with_permission('TICKET_MODIFY') |
| | 221 | owners.sort() |
| | 222 | ldap_valid_owner_groups = self.config.getlist('ticket', |
| | 223 | 'ldap_valid_owner_groups') |
| | 224 | self.env.log.debug('** restrict_owner_by_ldap_groups = %s' % |
| | 225 | str(self.config.getbool('ticket', |
| | 226 | 'ldap_restrict_owner_by_groups'))) |
| | 227 | self.env.log.debug('** ldap_valid_owner_groups = %s' % |
| | 228 | str(ldap_valid_owner_groups)) |
| | 229 | """ |
| | 230 | To fix a bizarro error ultimately caused by the |
| | 231 | active_directory module's use of pywin32 (and pythoncom |
| | 232 | via pywin32) the error will be something like |
| | 233 | "com_error: (-2147221008, 'CoInitialize has not been called.', None, None)" |
| | 234 | http://mail.python.org/pipermail/python-win32/2006-December/005425.html |
| | 235 | """ |
| | 236 | if threading.currentThread().getName() <> 'MainThread': |
| | 237 | pythoncom.CoInitialize() |
| | 238 | ########### |
| | 239 | all_users = set() |
| | 240 | for cn in ldap_valid_owner_groups: |
| | 241 | grp = active_directory.find_group(cn) |
| | 242 | if grp: |
| | 243 | this_grp_users = set() |
| | 244 | for group, groups, users in grp.walk (): |
| | 245 | this_grp_users.update(users) |
| | 246 | ## weed out ALT accounts |
| | 247 | this_grp_users = [x for x in this_grp_users if |
| | 248 | 'ALT' not in x.displayName] |
| | 249 | all_users.update(this_grp_users) |
| | 250 | ldap_show_user_attribute = self.config.get('ticket', |
| | 251 | 'ldap_show_user_attribute', 'sAMAccountName') |
| | 252 | owners = [getattr(x, ldap_show_user_attribute) for x in all_users] |
| | 253 | owners.sort() |
| | 254 | self.env.log.debug('** owners: %s' % str(owners)) |
| | 255 | #### END LDAP CODE ################################################ |
