`generateLdif()` will fail if the bindpw contains `$` (e.g. `a$b`) with an "invalid credentials" error.
this is due to the passwd not being properly protected against shell expansion (the string after the `$` is interpreted as variable name, whih cis most likely empty: `a$b` == `a${b}` => `a`).

this patch calls `escapeshellarg` on the password just like for the other parameters.