You hit a limitation of chaining as it is implemented today: chaining of chained operations (namely, using idassert with proxied authorization, as when mode=self) is explicitly disallowed, as back-ldap refuses to add an instance of the proxied authorization control when one is already present. This is the case of chained requests. This limitation would be eliminated by the implementation of distributed procedures, currently a work in progress (stalled, I believe).
Let me add that I find your setup a little bit nonsensical: if you have shadow databases that are exact replicas of the producer, then each shadow should be able to answer read requests. As a consequence, there is no need to chain a shadow to another shadow. As a consequence, you should rather chain all shadow servers to the producer.
p.