I don't think it is possible via configuration only, probably will require customizing the code. If you need this customization for CMS admin users (not for frontend website users), you would need to look at the following code file \CMS\CMSPages\logon.aspx.cs - it contains the authentication code. Take a closer look at Login1_Authenticate and GetCallbackResult methods, my guess would be you can write your custom code here to check if the user is in specific role - unlocak his account if it is locked and let them in.
But you should be aware of the following - this is Kentico default pages and controls. If you customize these it means that during the upgrade you would need to take care of migrating this customization manually and do not forget it.