Managed to figure out a way to do it. Not the prettiest solution but at least it works.
If I configure the service-template (~SSID profile) with a vlan:
wlan ap-group algdi
if-match ip 10.10.10.0 255.255.255.0
ap ap-3.1
ap ap-3.3
ap ap-4.4
dot11a service-template 1 vlan-id 123
dot11a service-template 2 vlan-id 123
dot11bg service-template 1 vlan-id 123
dot11bg service-template 2 vlan-id 123
then this vlan id is then sent along with the radius request as part of the NAS-port-id:
Input RADIUS Attributes -
Radius:IETF:Acct-Session-Id = 11607121154130ed09a5627f
Radius:IETF:Called-Station-Id = 2C-41-38-DB-AA-8E:clearpasshp
Radius:IETF:Calling-Station-Id = 28-B2-BD-42-D8-1C
Radius:IETF:Chargeable-User-Identity =
Radius:IETF:Framed-MTU = 768
Radius:IETF:Framed-Protocol = 1
Radius:IETF:NAS-Identifier = AC1
Radius:IETF:NAS-IP-Address = 10.10.10.34
Radius:IETF:NAS-Port = 16811984
Radius:IETF:NAS-Port-Id = slot=1;subslot=0;port=8;vlanid=123
Radius:IETF:NAS-Port-Type = 19
Radius:IETF:Service-Type = 2
Radius:IETF:User-Name = DOMAIN\\user
That is the only way I found to get dynamic vlans that take the ap-group into acount.
And for your reference Capali, these are all the radius VSA's that I receive in the request.
EDIT: If you solve it like this, be sure to add ALL the vlans you may be pushing to users from this ap-group. The HP WLAN controller seems to send the previously pushed vlan when a user switches networks instead of the default vlan.