diff --git a/src/groups.js b/src/groups.js
index a4406eb0b..1e08caae2 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -65,7 +65,7 @@ function validateGroupname(name) {
 
     if (constants.RESERVED_NAMES.indexOf(name) !== -1) return new GroupError(GroupError.BAD_FIELD, 'name is reserved');
 
-    // +/- can be tricky in emails
+    // +/- can be tricky in emails. also need to consider valid LDAP characters here (e.g '+' is reserved)
     if (/[^a-zA-Z0-9.]/.test(name)) return new GroupError(GroupError.BAD_FIELD, 'name can only contain alphanumerals and dot');
 
     // app emails are sent using the .app suffix
diff --git a/src/user.js b/src/user.js
index ff89d2a6e..9e5f381fa 100644
--- a/src/user.js
+++ b/src/user.js
@@ -97,7 +97,7 @@ function validateUsername(username) {
 
     if (constants.RESERVED_NAMES.indexOf(username) !== -1) return new UserError(UserError.BAD_FIELD, 'Username is reserved');
 
-    // +/- can be tricky in emails
+    // +/- can be tricky in emails. also need to consider valid LDAP characters here (e.g '+' is reserved)
     if (/[^a-zA-Z0-9.]/.test(username)) return new UserError(UserError.BAD_FIELD, 'Username can only contain alphanumerals and dot');
 
     // app emails are sent using the .app suffix