pveum: Document reserved characters and quoting of LDAP DNs

Signed-off-by: Christoph Heiss <c.heiss@proxmox.com>

pveum.adoc

@@ -394,6 +394,39 @@ The main options for syncing are:
 * `Preview` (`dry-run`): No data is written to the config. This is useful if you
   want to see which users and groups would get synced to the `user.cfg`.
 
+[[pveum_ldap_reserved_characters]]
+Reserved characters
+^^^^^^^^^^^^^^^^^^^
+
+Certain characters are reserved and cannot be easily used in attribute values
+in DNs without being escaped properly.
+
+Following characters need escaping:
+
+* Space (` `)
+
+* Comma (`,`)
+
+* Plus sign (`+`)
+
+* Double quote (`"`)
+
+* Forward slashes (`/`)
+
+* Angle brackets (`<>`)
+
+* Semicolon (`;`)
+
+* Equals sign (`=`)
+
+To use such characters in DNs, surround the attribute value in double quotes.
+For example, to bind with a user with the CN (Common Name) `Example, User`, use
+`CN="Example, User",OU=people,DC=example,DC=com` as value for `bind_dn`.
+
+This applies to the `base_dn`, `bind_dn`, and `group_dn` attributes.
+
+NOTE: Users with colons and forward slashes cannot be synced since these are
+reserved characters in usernames.
 
 [[pveum_openid]]
 OpenID Connect