OK - here it goes - not for the fainthearted - can probably be simplified/improved....
These examples are demonstrating using critical controls on an iterator mode ldap connector - so you have to work from here.
These put in the "before selection" hook (you need to find an appropriate hook for your case) :
// PersistentSearchControl example (works)
control = new com.ibm.ldap.bp.ctl.PersistentSearchControl(com.ibm.ldap.bp.ctl.PersistentSearchControl.ANY,false, false);
control.setCriticality(true);
controlArray = java.lang.reflect.Array.newInstance(control.getClass(), 1);
controlArray[0] = control;
thisConnector.connector.getLdapContext().setRequestControls(controlArray);
// SortedResultsControl example (works)
//control = new com.ibm.ldap.bp.ctl.SortedResultsControl("initials");
//control.setCriticality(true);
//controlArray = java.lang.reflect.Array.newInstance(control.getClass(), 1);
//controlArray[0] = control;
//thisConnector.connector.getLdapContext().setRequestControls(controlArray);
you will need to download the java toolkit for SDS and add it to your TDI solution to use these examples.
Now - you may be lucky that you only need to apply server admin control to update the pwdpolicy - this means that the following placed in the "before initialize" hook should do it :
thisConnector.connector.setServerAdminControl(true);
So try that out first.
I am sorry I do not have the time to make these examples more helpful - they could be done using pure javax methods but in that case you probably need to reference the controls in EAN.1 notation. Also the reflection can probably be avoided calling the static methods with their full class name.
HTH
Regards
Franz Wolfhagen