Lock Reseller Accounts

Good morning Virtualmin Team!

We are in the process of doing some automation of provisioning/deprovisioning virtualmin reseller accounts; however, I am coming across some trouble with the deprovisoning portion of this task.

When I say 'deprovision' a reseller account, I would simply like to lock down the account so that the user cannot login in to the virtualmin UI or to their unix account that gets made for them when their account is created. According to this issue: https://www.virtualmin.com/node/38592, it is not possible to noshell someones unix account via the command line. An alternative was offered which was to 'lock' the reseller account using:

virtualmin modify-reseller --name whoever --lock

When I run this command, I get the following message:

Successfully updated reseller vbo66

Then when I try to login in to the vbo66 unix account, I can do so without issue and when I try to login to the virtualmin UI, I can without issues. So it does not seem the reseller account is being locked in the manner I think it should. Could y'all let me know how the account is being locked by using this method? And when I can finally lock the account via this method, would SSH keys that the user had set up be a way to bypass this locking mechanism?

Also, we are using LDAP users and groups and when I visit the 'EDIT user' page under the LDAP users and groups webmin module --> Check 'Login temporarily disabled' --> save, the account appears to be disabled immediately as I get prompted to login but the password setup with the account does not work either via SSH or through the virtualmin UI. Thanks much for all y'alls help and let me know if I can explain anything more thouroughly.

-victor