LDAP users do not have a mechanism to pick users from a list for things like Access Controls. I manually remove the email address portions from a GAB entry or other such contact list to be able to add users by point and click. I have users with LONG names which are easy to get wrong if manually typing out.
If there was an exposed user account list (in a way which a click to add list could work) apart from the GAB (or if it involved the GAB, a smart detection which would auto strip the unneeded portions from the selection) and along with that, the option to hide users from display on that list and the GAB.