Here is what you need to do at minimum:
In the AP system profile in the ap-group of that RAP, you need to define the Remote-AP DHCP Server VLAN that you will be providing DHCP. This number can be arbitrary, but it needs to match the VLAN of your bridged traffic. If you are broadcasting a Virtual AP on that AP with the forwarding mode "bridged", you need to match the VLAN above. Addresses will be given out by the DHCP server defined in the Remote-AP DHCP Server commands in that AP system profile; the defaults will work just fine, initially. When you create your Virtual AP for those clients, their role only needs to have two ACLS:
any any service dhcp permit
any any any route src-nat
The first ACL will allow your clients to obtain an ip address. The second ACL will source-nat the traffic out of the public address that the RAP obtains.