Patch 0001: Make sdap_access_send() public so the IPA provider can
consume it.
Patch 0002: Check that the user is not disabled before performing the
HBAC check. I chose to do the nsAccountLock check first because it's a
very fast operation against the cache, so if it returns PAM_PERM_DENIED
we will skip the slower HBAC checks and jump straight to denial.