Index: default_workflow.py
===================================================================
--- default_workflow.py	(revision 5898)
+++ default_workflow.py	(working copy)
@@ -28,6 +28,11 @@
 from trac.util.compat import set
 from trac.util.translation import _
 
+## these imports are for LDAP group lookup 
+##    for assign_to dropdown functionality
+import active_directory
+import threading, pythoncom
+
 # -- Utilities for the ConfigurableTicketWorkflow
 
 def parse_workflow_config(rawactions):
@@ -209,6 +214,45 @@
                 perm = PermissionSystem(self.env)
                 owners = perm.get_users_with_permission('TICKET_MODIFY')
                 owners.sort()
+            #### BEGIN LDAP CODE ##############################################
+            elif self.config.getbool('ticket','ldap_restrict_owner_by_groups'):
+                perm = PermissionSystem(self.env)
+                owners = perm.get_users_with_permission('TICKET_MODIFY')
+                owners.sort()
+                ldap_valid_owner_groups = self.config.getlist('ticket', 
+                                                    'ldap_valid_owner_groups')
+                self.env.log.debug('** restrict_owner_by_ldap_groups = %s' % 
+                                            str(self.config.getbool('ticket', 
+                                            'ldap_restrict_owner_by_groups')))
+                self.env.log.debug('** ldap_valid_owner_groups = %s' % 
+                                            str(ldap_valid_owner_groups))
+                """
+                To fix a bizarro error ultimately caused by the 
+                active_directory module's use of pywin32 (and pythoncom 
+                via pywin32) the error will be something like 
+                "com_error: (-2147221008, 'CoInitialize has not been called.', None, None)"
+                http://mail.python.org/pipermail/python-win32/2006-December/005425.html
+                """
+                if threading.currentThread().getName() <> 'MainThread':
+                    pythoncom.CoInitialize()
+                ###########
+                all_users = set()
+                for cn in ldap_valid_owner_groups:
+                    grp = active_directory.find_group(cn)
+                    if grp:
+                        this_grp_users = set()
+                        for group, groups, users in grp.walk ():
+                            this_grp_users.update(users)
+                        ## weed out ALT accounts
+                        this_grp_users = [x for x in this_grp_users if 
+                                                'ALT' not in x.displayName]
+                        all_users.update(this_grp_users)
+                ldap_show_user_attribute = self.config.get('ticket', 
+                                'ldap_show_user_attribute', 'sAMAccountName')
+                owners = [getattr(x, ldap_show_user_attribute) for x in all_users]
+                owners.sort()
+                self.env.log.debug('** owners: %s' % str(owners))
+            #### END LDAP CODE ################################################
             else:
                 owners = None