Venish Khant writes:
database bdb database relay
No. You need to put the bdb configuration under "database bdb", e.g. "suffix" and "directory" below.
overlay rwm
Put that after the "relay" keyword. Don't know if that is the problem you reported, but after all "relay" is for the database, not the overlay.
suffix "dc=example,dc=com" relay "dc=example,dc=com"
You are now relaying dc=example,dc=com to itself, in an eternal loop. Except I thought the config catches that. Anyway, I expect example.com is for the database bdb while database relay should have some other suffix.
rootdn "uid=support,ou=people,dc=example,dc=com" (...) directory /var/lib/ldap index objectClass eq (...) cachesize 1500
These should likely be under database bdb, not relay.
(...) rwm-rewriteMap ldap mail2uid ldap://localhost/ou=people,dc=example,dc=com?uid?sub rwm-rewriteMap ldap uid2mail ldap://localhost/ou=people,dc=example,dc=com?mail?sub
Indent the lines with URLs, so the become continuation lines of the rwm-rewriteMap directives. (Note, I don't know rwm so I don't know if these lines are OK otherwise.)
password-hash {SSHA} (...) access to attrs="userPassword,sambaLMPassword,sambaNTPassword" (...) sizelimit 1500
Since these are under "database relay" they only apply to requests via back-relay. Put them where they affect bdb: either global or under bdb.
Note that you need access rules both for access via DNs ending with relay's suffix and for DNs ending with bdb's suffix. I haven't checked which rules apply when, but the slapd-relay manpage talks about it.