diff --git a/lam-packaging/docker/.env b/lam-packaging/docker/.env
index 38897874..690f5a65 100644
--- a/lam-packaging/docker/.env
+++ b/lam-packaging/docker/.env
@@ -8,6 +8,11 @@ LAM_SKIP_PRECONFIGURE=false
 LDAP_DOMAIN=my-domain.com
 # LDAP base DN to overwrite value generated by LDAP_DOMAIN
 LDAP_BASE_DN=dc=my-domain,dc=com
+# LDAP users DN to overwrite value provided by LDAP_BASE_DN
+LDAP_USERS_DN=ou=people,dc=my-domain,dc=com
+# LDAP groups DN to overwrite value provided by LDAP_BASE_DN
+LDAP_GROUPS_DN=ou=groups,dc=my-domain,dc=com
+
 # LDAP server URL
 LDAP_SERVER=ldap://ldap:389
 # LDAP admin user (set as login user for LAM)
diff --git a/lam-packaging/docker/start.sh b/lam-packaging/docker/start.sh
index 8c4cf85d..82aafb97 100755
--- a/lam-packaging/docker/start.sh
+++ b/lam-packaging/docker/start.sh
@@ -32,8 +32,10 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
   LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
   LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
   LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
+  LDAP_USERS_DN="${LDAP_USERS_DN:-${LDAP_BASE_DN}}"
+  LDAP_GROUPS_DN="${LDAP_GROUPS_DN:-${LDAP_BASE_DN}}"
   LDAP_ADMIN_USER="${LDAP_USER:-cn=admin,${LDAP_BASE_DN}}"
-
+  
   sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
     s|^password:.*|password: ${LAM_PASSWORD_SSHA}|;
 EOF
@@ -45,8 +47,8 @@ EOF
     s|^Passwd:.*|Passwd: ${LAM_PASSWORD_SSHA}|;
     s|^treesuffix:.*|treesuffix: ${LDAP_BASE_DN}|;
     s|^defaultLanguage:.*|defaultLanguage: ${LAM_LANG}.utf8|;
-    s|^.*suffix_user:.*|types: suffix_user: ${LDAP_BASE_DN}|;
-    s|^.*suffix_group:.*|types: suffix_group: ${LDAP_BASE_DN}|;
+    s|^.*suffix_user:.*|types: suffix_user: ${LDAP_USERS_DN}|;
+    s|^.*suffix_group:.*|types: suffix_group: ${LDAP_GROUPS_DN}|;
 EOF
 
 fi