Adding the password policy control to a PwdModifyRequest results in slightly strange behavior. Without the control, if a failure occurs, an exception is thrown as expected. With the control, no exception is thrown, but the LdapResponse ResultCode is set to INVALID_CREDENTIALS instead of the expected CONSTRAINT_VIOLATION, and no controls are included in the response. The diagnostic message on the LdapResultDecorator in the response shows that of my constraint violation, so I think there are some crossed wires somewhere.
Workaround: if using a password attribute on an entry (and not a password stored outside of the directory), then use a ModifyRequest with just that attribute.