I'll re-iterate everyone else's call for using the right tool for the job - and here, that tool is Net::LDAP. However, if there is something special with your ldapsearch executable that allows it to work where Net::LDAP can't (the only thing I can think of is LDAP searches restricted to root - i.e., outgoing on privileged ports - and ldapsearch being setuid-root), the way to get rid of the special-character problem is to eliminate the shell. Use the list form of system rather than the string form. Of course, you also want the output, so you'll need to use something like IPC::Open2. Note that we're going to quickly get to the point where using Net::LDAP will be the trivial solution, and this will be the hard solution. (And Net::LDAP will be faster.)

The key is to get each parameter in a seperate string in an array. You start with "ldapsearch -r" - we can't do that, they must be seperated out.

use IPC::Open2;

my @ldapsearch = qw(ldapsearch -r);
my @userdncmd = (@ldapsearch,
                 -h => $ldapserver,
                 -b => 'dc=xxx,dc=com',
                 'employeenumber=' . $id,
                 'dn');
my ($rdrfh, $wtrfh);
my $pid = open2($rdrfh, $wtrfh, @usrdncmd);
close $wtrfh; # don't need to write to the stdin of ldapsearch
my $userdn = do { local $/ = undef; <$rdrfh> };
chomp $userdn;
[download]

Another option is to create the pipe yourself - but that involves some forking and using exec instead of system. You can do this with pipe, but I usually use IO::Pipe. I think that's even more involved than using IPC::Open2.

As I said (as has everyone else), Net::LDAP is probably a better choice.

(Warning: untested, even uncompiled, code above.)