midPoint Demo Upgrade HOWTO

Last modified 05 Apr 2022 15:32 +02:00

OBSOLETE

This functionality is obsolete. It is no longer supported or maintained.

midPoint demo migration guide

Together with midPoint upgrade also new version of live demo was made. This guide describes midPoint migration from 2.2.1 to 3.0 version in following steps:

Download and install*Virtual box* via https://www.virtualbox.org/wiki/Downloads and select appropriate platform package.
\=================================================================================================================================================================
Download*ubuntu server* via http://virtualboxes.org/images/ubuntu-server/ and select https://s3-eu-west-1.amazonaws.com/virtualboxes.org/ubuntu-14.04-server-i386.ova.torrent
\=================================================================================================================================================================
Download and install utorrent via http://www.utorrent.com/downloads/win (select stable version). Add and start to download ubuntu-14.04-server-i386.ova.torrent
Download midpoint 2.2.1 VM (demo-2.2.1-new-ip-ovf1.ova). New user has to be added with new password via command: sudo adduser … sudo.
Also edit of interfaces is needed via command: sudo vim /etc/network/interfaces where static is replaced with dhcp and parts below are commented.
Restart is needed via command: sudo service networking restart or sudo /etc/init.d/networking restart
\=================================================================================================================================================================
Import new VM (ubuntu-14.04-server-i386.ova) into Virtual box where midpoint 3.0 is to be installed. Set up settings, especially motherboard base memory with 2048 MB.
\=================================================================================================================================================================
Download and install putty.exe via http://www.chiark.greenend.org.uk/sgtatham/putty/download.html
\=================================================================================================================================================================
Set up Port forwarding in midpoint demo VM in Virtual box (Settings → Network → Advanced) in order to run midpoint, putty and web applications:
+

Name	Protocol	Host IP	Host Port	Guest IP	Guest Port
Rule1 (midpoint)	TCP	127.0.0.1	8080	10.0.2.15	8080
Rule2 (web apps)	TCP		5678		80
Rule3 (putty)	TCP		2222		22

You can check out your Host IP and Guest IP in ubuntu via command: ifconfig       In case you are working in windows (where virtual box is installed) possibility to create new port (for example for putty) is via command: C:\Program Files\Oracle\Virtual Box>VBoxManage modifyvm "ubuntu-14.04-server-i386" --natpf1 "Rule3,tcp,,2222,,22" +

Install*JDK* via command:

sudo add-apt-repository link:http://ppawebupd8team[ppa:webupd8team/java] +
sudo apt-get update +
sudo apt-get install oracle-java6-installer +
sudo apt-get install oracle-java7-installer +
sudo apt-get install oracle-java8-installer +
sudo apt-get update +

Tomcat*installation and configuration* on VM (check also midPoint on Ubuntu, Tomcat, PostgreSQL HOWTO and https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-7-on-ubuntu-14-04-via-apt-get) via commands:
```
sudo apt-get install tomcat7
sudo apt-get install tomcat7-docs tomcat7-admin tomcat7-examples
sudo apt-get install ant git
sudo vim /etc/tomcat7/tomcat-users.xml
<tomcat-users>
<user username="administrator" password="5ecr3t" roles="manager-gui,admin-gui"/>
</tomcat-users>
sudo service tomcat7 restart
```
Also file setenv.sh with content (CATALINA_OUT=/var/log/tomcat7/catalina.out) has to be created via command:
```
sudo vim /usr/share/tomcat7/bin/setenv.sh
```
At last check in browser connection via: http://localhost:8080

It works! should appear. Once installed, you can access the manager webapp and the host-manager webapp entering username administrator and password 5ecr3t.
PostgreSQL*installation.* Check midPoint on Ubuntu, Tomcat, PostgreSQL HOWTO
To install PostgreSQL, run the following command: sudo apt-get install postgresql
\=================================================================================================================================================================

LDAP installation. Check also https://help.ubuntu.com/14.04/serverguide/serverguide.pdf. To install LDAP, run the following command:

    sudo apt-get install slapd ldap-utils +
    sudo ufw app list +
    sudo ufw allow "openLDAP LDAP" +

This is command what the slapd-config DIT looks like via the LDAP protocol:

sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi://wiki.evolveum.com/[ldapi:///] -b cn=config dn

This is command what the dc=example,dc=com DIT looks like:

ldapsearch -x -LLL -H link:ldap://wiki.evolveum.com/[ldap:///] -b dc=example,dc=com dn +

Midpoint 3.0 installation. Check also: midPoint on Ubuntu, Tomcat, PostgreSQL HOWTO
Download midpoint last recent version via command:
sudo wget "athena.evolveum.com/builds/master/build2781-v3.0.1devel-15-g0c62837/midpoint-3.1-SNAPSHOT-dist.tar.gz"

Unpack the file via command:

sudo tar -zxvf */midpoint-3.1-SNAPSHOT-dist.tar.gz +

Create midPoint home directory and also make sure it can be accessed by tomcat:

sudo mkdir /opt/midpoint-home +
sudo chown link:http://tomcat7tomcat7[tomcat7:tomcat7] /opt/midpoint-home +

Add JAVA_OPTS="$JAVA_OPTS -server -Xms256m -Xmx1024m -XX:PermSize=128m -XX:MaxPermSize=256m -Dmidpoint.home=/opt/midpoint-home/" into catalina.sh file via command:

sudo vim /usr/share/tomcat7/bin/catalina.sh +

Copy midpoint.war in tomcat7 via command:

sudo cp */midpoint-3.1-SNAPSHOT/war/midpoint.war /var/lib/tomcat7/webapps

For stable release check: * the latest midpoint http://www.evolveum.com/downloads/midpoint/3.0/ * and download midpoint-3.0-dist.zip

For snapshot check: * the latest commit number on https://bamboo.evolveum.com/browse/MID-TRUNK/latestSuccessful * and download it via http://athena.evolveum.com/builds/master/ where .zip file should be selected (midpoint-3.1-SNAPSHOT-dist.zip).

Apache*install.* Check also: midPoint on Ubuntu, Tomcat, PostgreSQL HOWTO
Install apache2 via command: sudo apt-get install apache2
\=================================================================================================================================================================
Install*WinSCP* (commander variant) on local operating system because of need to transfer files between local operating system and midpoint VM located on Virtual box.
\=================================================================================================================================================================
Midpoint 3.0 configuration.
In case you want to import new midpoint WAR, delete midpoint files (sudo rm -r midpoint) in /var/lib/tomcat7/webapps and /var/lib/tomcat7/Catalina/localhost.
In order to change midpoint repository, edit config.xml in opt/midpoint-home and replace old H2 repository with postgreSQL:
<repository>
<repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
<embedded>false</embedded>
<driverClassName>org.postgresql.Driver</driverClassName>
<jdbcUsername>midpoint</jdbcUsername>
<jdbcPassword>5ecr3t</jdbcPassword>
<jdbcUrl>jdbc:postgresql://localhost/midpoint</jdbcUrl>
<hibernateDialect>com.evolveum.midpoint.repo.sql.util.MidPointPostgreSQLDialect</hibernateDialect>
<hibernateHbm2ddl>validate</hibernateHbm2ddl>
</repository>
\=================================================================================================================================================================
Create postgreSQL database. Check: midPoint on Ubuntu, Tomcat, PostgreSQL HOWTO Example for create a database: ubuntu@ubuntu-i386:/$ sudo -u postgres createdb --owner=midpoint midpoint Example to execute the script to create database: ubuntu@ubuntu-i386:/$ psql --host=localhost --username=midpoint -d midpoint < /midpoint-2.3-SNAPSHOT/config/sql/midpoint/2.3/postgresql/postgresql-2.3.sql Check if database was created correctly: ubuntu@ubuntu-i386:/$ sudo su - postgres postgres@ubuntu-i386:~$ psql -U postgres postgres=# \l
\=================================================================================================================================================================
Download, unzip and copy Java Cryptography Extension (JCE) version 6, 7, 8 local_policy.jar and US_export_policy.jar files into /usr/lib/jvm/java…/jre/lib/security file located in midpoint VM.
\=================================================================================================================================================================
Download and install KeyStore Explorer 5.0 in order to* combine default and strong key* from midpoint’s 2.2.1 keystore.jceks (located in var/opt/midpoint) with midpoint’s 3.0 keystore.jceks default key (located in /opt/midpoint-home).
\=================================================================================================================================================================
Create export.csv file or import via WinSCP and set up full access rights (sudo chmod 777 export.csv) and also chmod o+w for hr in path /var/opt/hr/export.csv
Also set sudo chown tomcat7:tomcat7 /var/opt/hr
\=================================================================================================================================================================
Download OpenDj zip (OpenDJ-2.5.0-Xpress1.zip) file, unzip.
Create new directory via command: sudo mkdir /opt/OpenDJ
Copy OpenDJ-2.5.0-Xpress1 into /opt/OpenDJ and set access rights if necessary (sudo chmod 777 …).

Start installation ( OpenDJ) of OpenDJ via command (taking into account your path and OpenDJ version):
ubuntu@ubuntu-i386:/$ sudo /opt/opendj/OpenDj.*/./setup --cli

Import exportPhpLdapAdminDemo3.ldif or .ldif by your desire (Option 3 for populating the database). Exact path is demanded.

Allow ACI for cn=changelog suffix (non-Windows platforms only):
opt/OpenDJ/OpenDJ-2.5.0-Xpress1/bin/$ ./dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w secret -X -n set-access-control-handler-prop --add global-aci:"(target=\"link:ldap://wiki.evolveum.com/cn=changelog%5C[ldap:///cn=changelog\]")(targetattr=\"\*||\") (version 3.0; acl \"IDM Access to ChangeLog\"; allow (read,search,compare) userdn=\"link:ldap://wiki.evolveum.com/uid=idm,ou=Administrators,dc=example,dc=com%5C[ldap:///uid=idm,ou=Administrators,dc=example,dc=com\]";)" -n

Allow ACI for root DSE (non-Windows platforms only):
opt/OpenDJ/OpenDJ-2.5.0-Xpress1/bin/$ ./dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w secret -X -n set-access-control-handler-prop --add global-aci:"(target=\"link:ldap://wiki.evolveum.com/%5C[ldap:///\]")(targetattr=\"changeLog || firstChangeNumber || lastChangeNumber\")(version 3.0; acl \"IDM Access to ChangeLog\"; allow (read,search,compare) userdn=\"link:ldap://wiki.evolveum.com/uid=idm,ou=Administrators,dc=example,dc=com%5C[ldap:///uid=idm,ou=Administrators,dc=example,dc=com\]";)" - \=================================================================================================================================================================
In order to run Addressbook resource create database addressbook with table people.
You can also import file addressbook.sql from VM Demo2.2.1 (postgres@electra:~$ pg_dump adddressbook > /tmp/addressbook.sql) into postgres database (via WinSCP) VM Demo3.
Following command for table people creation is also possible to use: addressbook=# create table people (first_name CHARACTER VARYING(100),last_name CHARACTER VARYING(100) NOT NULL,tel_number CHARACTER VARYING(32),fax_number CHARACTER VARYING(32),office_id CHARACTER VARYING(32),floor integer,street_address CHARACTER VARYING(100),city CHARACTER VARYING(100),country CHARACTER VARYING(100),postal_code CHARACTER VARYING(16),validity boolean, created timestamp without time zone,modified timestamp without time zone,username CHARACTER VARYING(64),password CHARACTER VARYING(64));
\=================================================================================================================================================================
Insert values in table people. Command is following (or import file addressbook-schema.sql): addressbook=# insert into people (first_name,last_name,tel_number,office_id,city,validity,username,password) values ('Raffaello','Sanzio da Urbino',+3968887777,'Employee','Rome','t','raphael','dS0eE'); addressbook=# insert into people (first_name,last_name,tel_number,office_id,city,validity,username,password) values ('Leonardo','da Vinci',+3968687797,'Employee','Florentine','t','leonardo','NZ6i1'); addressbook=# insert into people (first_name,last_name,tel_number,office_id,city,validity,username,password) values ('Michelangelo','di Lodovico Buonarroti Simoni',+3968587707,'Contractor','Rome','t','michelangelo','l3xps');
\=================================================================================================================================================================
Set up user addressbook in postgres database (based on Addressbook postgre resource XML schema user addressbook). Command is following: addressbook=# create user addressbook with password 'secret'; addressbook=# grant all privileges on database addressbook to addressbook; addressbook=# grant all on table people to addressbook;
\=================================================================================================================================================================
Import file hr.sql from VM Demo2.2.1 (postgres@electra:~$ pg_dump hr > /tmp/hr.sql) into postgres database (via WinSCP) VM Demo3 and set up user hr in postgre database:
sudo -u postgres createuser --pwprompt --no-superuser --no-createdb --no-createrole hr Create database: sudo -u postgres createdb --owner=hr hr psql --host=localhost --username=hr < /home/ubuntu/hr.sql
\=================================================================================================================================================================
Import addressbook.war and hr.war into ./tomcat7/webapps
\=================================================================================================================================================================
Set up replication for opendj based on http://ludopoitou.wordpress.com/2011/05/11/opendj-enabling-the-external-change-log-on-a-single-server/
Code can be following:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/$ bin/dsconfig create-replication-server -h 10.0.2.15 -p 4444 -D "cn=directory manager" -w secret -X -n
--provider-name "Multimaster Synchronization" --set replication-port:8989 --set replication-server-id:2 --type generic

And:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/$ bin/dsconfig create-replication-domain -h 10.0.2.15 -p 4444 -D "cn=directory manager" -w secret -X -n
--provider-name "Multimaster Synchronization" --set base-dn:dc=example --set replication-server:10.0.2.15:8989 --set server-id:3 --type generic --domain-name example_com

And:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/$ bin/ldapsearch -D cn=directory\ manager -w secret -h 10.0.2.15 -p 1389
-J "1.3.6.1.4.1.26027.1.5.4:false:;" -b "cn=changelog" '(objectclass=*)'
\=================================================================================================================================================================
Add further .ldif files via, check also http://opendj.forgerock.org/opendj-server/doc/admin-guide/index/chap-groups.html:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ./ldapmodify --port 1389 --bindDN "cn=Directory Manager" --bindPassword secret --defaultAdd --filename /home/ubuntu/groupsPainters-permissions.ldif

Set up access rights to openDJ for technical midpoint user, check also http://opendj.forgerock.org/opendj-server/doc/admin-guide/index/chap-privileges-acis.html:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ./dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w secret -X -n set-access-control-handler-prop --add global-aci:'(target="ldap:///ou=groups")(version 3.0; acl "Admin config access"; allow (all)groupdn="ldap:///cn=Administrators";)' -n
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ./dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w secret -X -n set-access-control-handler-prop --add global-aci:'(target="ldap:///ou=groups")(version 3.0;acl "Administrators Group permission"; allow(all) groupdn="ldap:///cn=Administrators";)' -n

In case of any delete, modification or add operation you can also use following commmands to change previous settings:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ./ldapdelete --port 1389 --bindDN "cn=Directory Manager" --bindPassword secret "cn=painters,ou=Groups,dc=example,dc=com"
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ./ldapdelete --port 1389 --bindDN "cn=Directory Manager" --bindPassword secret "cn=employees,ou=Groups,dc=example,dc=com"
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ./ldapdelete --port 1389 --bindDN "cn=Directory Manager" --bindPassword secret --deleteSubtree "dc=example,dc=com"
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ./ldapmodify --port 1389 --bindDN "cn=Directory Manager" --bindPassword secret --defaultAdd --filename /home/ubuntu/groupsPainters-permissions.ldif
\=================================================================================================================================================================
In case you need to check LDAP schema or search some element use command:
Check all:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ldapsearch -x -h localhost -p 1389 -b "dc=example,dc=com" -s sub "objectclass=*"

Check selected element:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ldapsearch -x -h localhost -p 1389 -b "dc=example,dc=com" "cn=Testi Testini"

In case you need to import ldif file with pre-encoded attributes (such as userpassword: {SSHA}KHIeTa1f4ntz0w6evBan7w+wxFYEQ7AFH8Gz7w==) you need to change default LDAP settings via:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ ./dsconfig set-password-policy-prop --set allow-pre-encoded-passwords:true --policy-name "Default Password Policy" -h localhost -p 4444 -D "cn=Directory Manager" -w secret -X -n
\=================================================================================================================================================================
Phpldapadmin installation and Apache2 configuration:
sudo mkdir /etc/apache2/conf.d
sudo apt-get install phpldapadmin

Because phpldapadmin expects old file structure is necessary to do:
sudo mv /etc/apache2/conf.d/\* /etc/apache2/conf-enabled/
ubuntu@ubuntu-i386:/etc/apache2/conf-enabled$ sudo mv phpldapadmin phpldapadmin.conf
sudo service apache2 reload
\=================================================================================================================================================================
Phpldapadmin configuration. Check also: http://forums.debian.net/viewtopic.php?f=5&t=111508
At sudo vim /usr/share/phpldapadmin/lib/functions.php lines 2130, 2311, 2320 and sudo vim /usr/share/phpldapadmin/lib/PageRender.php line 289: replace: password_hash with: pla_password_hash At sudo vim /usr/share/phpldapadmin/lib/functions.php line 2549 and sudo vim /usr/share/phpldapadmin/lib/ds_ldap.php line 1120: replace: preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$rdn); with: preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',function(){return "''.chr(hexdec('\\1')).''";},$rdn); At /usr/share/phpldapadmin/lib/functions.php line 2554 and /usr/share/phpldapadmin/lib/ds_ldap.php line 1125: replace: preg_replace('/\\\([0-9A-Fa-f]{2})/e',"''.chr(hexdec('\\1')).''",$dn); with: preg_replace_callback('/\\\([0-9A-Fa-f]{2})/',function(){return "''.chr(hexdec('\\1')).''";},$dn);
\=================================================================================================================================================================
*Phpldapadmin configuration. *Check also: http://forums.debian.net/viewtopic.php?f=5&t=111508 At sudo vim /etc/phpldapadmin/config.php and /usr/share/phpldapadmin/config/config.php line 161 replace: //$config→custom→appearance['hide_template_warning'] = false; with: $config→custom→appearance['hide_template_warning'] = true; At line 194 - 199 replace: $config→custom→appearance['friendly_attrs'] = array( 'facsimileTelephoneNumber' ⇒ 'Fax', 'gid' ⇒ 'Group', 'mail' ⇒ 'Email', 'telephoneNumber' ⇒ 'Telephone', 'uid' ⇒ 'User Name', 'userPassword' ⇒ 'Password' ); with: $config→custom→appearance['friendly_attrs'] = array( # 'facsimileTelephoneNumber' ⇒ 'Fax', # 'gid' ⇒ 'Group', # 'mail' ⇒ 'Email', # 'telephoneNumber' ⇒ 'Telephone', # 'uid' ⇒ 'User Name', # 'userPassword' ⇒ 'Password' ); At line 286 replace: $servers→setValue('server','name','My LDAP server'); with: $servers→setValue('server','name','Leonardo's Workshop LDAP Server'); At line 296 replace: //$servers→setValue('server','port',389); with: $servers→setValue('server','port',1389); At line 318 replace: $servers→setValue('login','auth_type','session'); with: $servers→setValue('login','auth_type','config'); At line 326 replace: $servers→setValue('login','bind_id','cn=admin,dc=example,dc=com'); with: $servers→setValue('login','bind_id','uid=phpldapadmin,ou=Administrators,dc=example,dc=com'); At line 332 replace: //$servers→setValue('login','bind_pass','secret'); with: $servers→setValue('login','bind_pass','secret'); sudo service apache2 reload
\=================================================================================================================================================================

Apache2 configuration.
Import default file from VM demo midpoint2 /etc/apache2/sites-available into VM demo midpoint3 and rename it to 000-default.conf
Rename files 000-default.conf to 000-default.conf.orig in VM demo midpoint3 located in /etc/apache2/sites-enabled and /etc/apache2/sites-available
Copy 000-default.conf file into /etc/apache2/sites-enabled and /etc/apache2/sites-available
sudo service apache2 reload

Modules need to be started via:
ubuntu@ubuntu-i386:/$ a2enmod rewrite
sudo service apache2 reload
ubuntu@ubuntu-i386:/$ a2enmod proxy_http
sudo service apache2 reload
ubuntu@ubuntu-i386:/$ a2enmod authnz_ldap
sudo service apache2 reload

exportPhpLdapAdminDemo3.ldif file configuration passwords and passwords in 000-default.conf file has to be identical
Check /var/log/apache2/error.log or /var/log/apache2/access.log in case of trouble.
Also direction has to be created for library application: sudo mkdir /var/www/library
sudo chown tomcat7:tomcat7 /var/www/library
sudo service tomca7 restart
\=================================================================================================================================================================

According settings in /var/lib/tomcat7/webapps/hr/WEB-INF/db-config.xml and in 000-default.conf add password to user hr: hr=# ALTER ROLE hr WITH PASSWORD 'nbusr123';
\=================================================================================================================================================================
Set up OpenDJ automatic initialization.
Add user:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ sudo adduser opendj
Check user in: /etc/passwd (opendj:x:1001:1001:OpenDJ,,,:/home/opendj:/bin/bash)
Change owner:
ubuntu@ubuntu-i386:/opt/opendj$ sudo chown -R opendj:opendj OpenDJ-2.5.0-Xpress1
Create initialization script:
ubuntu@ubuntu-i386:/opt/opendj/OpenDJ-2.5.0-Xpress1/bin$ sudo ./create-rc-script -f etc/init.d/opendj -u opendj
ubuntu@ubuntu-i386:/etc/init.d$ sudo update-rc.d opendj defaults
Check initialization:
ubuntu@ubuntu-i386:~$ ps -ax | grep opendj
\=================================================================================================================================================================
Import midpoint resources:
Import extension-electra.xsd into /opt/midpoint-home/schema Via midpoint opened in browser import (Configuration → Import objects → Choose file → Import object): addressbook.xml, hr.xml, opendj.xml, org.xml, password-policy.xml, role-contractor.xml, role-fte.xml, role-patron.xml and user-template.xml In midpoint confirm user template via (Configuration → Basic → Click on blue square beside Default user template → select Default user template → Save)
\=================================================================================================================================================================
In case of troubles with phpLDAPadmin delete in Live Sync: LDAP Server (OpenDJ) task token:
<extension>
<gen51:token xmlns:gen51="http://midpoint.evolveum.com/xml/ns/public/provisioning/liveSync-1.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xsd:int">97</gen51:token>
</extension>

\=================================================================================================================================================================

Was this page helpful?

YES NO

Thanks for your feedback