I was able to get login working using LDAP group authorization, without needing to modify the AD schema to add the CiscoAvPair attribute, and without having to use an alternate attribute.
This was done on a C220 M4 running CIMC Firmware Version 2.0(1...