Password policy attributes are treated as operational attributes, that is, maintained by the DSA and not externally. These should appear when using the suggestions above. For example,
ldapsearch -x -h host:port -b ou=users,o=ca,c=au "(cn=justin)" +
# extended LDIF
#
# LDAPv3
# base <ou=users,o=ca,c=au> with scope subtree
# filter: (cn=justin)
# requesting: +
#
# justin, users, ca, au
dn: cn=justin,ou=users,o=ca,c=au
createTimestamp: 20160824233907.402Z
modifyTimestamp: 20160824233917.588Z
dxPwdLastChange: 20160824233917.588Z
dxPwdLoginTime: 20160824233917.588Z
dxPwdMustChange: TRUE
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
My only other thought if they aren't returned is if password policy isn't enabled, or password policy has been recently enabled and the entries being retrieved haven't been used/updated.