in cisco documents I find that is'd be better not to use untagged vlans but in all cisco examples management vlan and ap manager vlan are always untagged.
What do you think is the best way use tagging?
Also shuld be possible to use to different vlans for AP manager and management? If it should, which would be best to tag the ap manager vlan or the management one?
Which controller are you talking about?
If I look at the config on my 4402, they are tagged, but if I look at the wism configs, they are not.
Security best-practice is to never use the untagged (native) VLAN. The number of organizations that follow this best-practice is probably under .5%. Since it's something that's rarely practiced, it's no surprise that Cisco has examples with the manager interfaces being untagged.
I have used untagged VLANs on the management interfaces for all of my installations. There is nothing wrong with this deployment - it will work just fine. Your other VLANs will require tagging. I'd recommend keeping your Manager and AP Manager interfaces on the same VLAN, though this isn't required.
Does that help to answer your question?