Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 30. Installing and running the IdM Healthcheck tool

Learn more about the IdM Healthcheck tool and how to install and run it.

  • The Healthcheck tool is only available on RHEL 8.1 or later.

30.1. Healthcheck in IdM

The Healthcheck tool in Identity Management (IdM) helps find issues that may impact the health of your IdM environment.


The Healthcheck tool is a command line tool that can be used without Kerberos authentication.

Modules are Independent

Healthcheck consists of independent modules which test for:

  • Replication issues
  • Certificate validity
  • Certificate Authority infrastructure issues
  • IdM and Active Directory trust issues
  • Correct file permissions and ownership settings

Two output formats

Healthcheck generates the following outputs, which you can set using the output-type option:

  • json: Machine-readable output in JSON format (default)
  • human: Human-readable output

You can specify a different file destination with the --output-file option.


Each Healthcheck module returns one of the following results:

configured as expected
not an error, but worth keeping an eye on or evaluating
not configured as expected
not configured as expected, with a high possibility for impact

30.2. Installing IdM Healthcheck

Follow this procedure to install the IdM Healthcheck tool.


  • Install the ipa-healthcheck package:

    [root@server ~]# yum install ipa-healthcheck

    On RHEL 8.1 and 8.2 systems, use the yum install /usr/bin/ipa-healthcheck command instead.

Verification steps

  • Use the --failures-only option to have ipa-healthcheck only report errors. A fully-functioning IdM installation returns an empty result of [].

    [root@server ~]# ipa-healthcheck --failures-only

Additional resources

  • Use ipa-healthcheck --help to see all supported arguments.

30.3. Running IdM Healthcheck

Healthcheck can be run manually or automatically using log rotation.



  • To run healthcheck manually, enter the ipa-healthcheck command.

    [root@server ~]# ipa-healthcheck

Additional resources

For all options, see the man page: man ipa-healthcheck.

30.4. Additional resources