Much appreciated for the answer.

I was afraid that IAPs will discover the controller and will join it and eventually will get converted to RAPs.

If they are broadcasting different ssids then that should be fine, though the controller will see them as rogues.

what would be the issue with the same SSID, since I'm planning to have exactly that ?

No issue unless you're automatically attempting to prevent rogues.

The WIPS functions from either set of access points will try to block use of the other if you've got it turned on.

If not, you'll just get warnings from each that the other may be a rogue.

Might be issues with clients roaming between the two systems.  Will be somewhat worse for dot1x or captive portal users.

At least make them use the same subnet and dhcp server so there's no chance of duplicate ips etc.

no dot1x and the captive portal is going to be external, and on top of that the subnet for the users is going to be the same with the same DHCP, so I guess I should be fine. In regards of rogue APs detection, I guess I can define which APs are not rogue so I don't get the alarms.

thanks guys for good advise.

You can change Rogue status on the Controller but you cannot on the IAP.