I'm using chaining as well, from 3 slaves that chain to a single master. In my case, I created a new user to do the chaining (cn=proxyUser,dc=domain). In order to get my setup working I had to add an authzTo URI to my cn=proxyUser account in addition to the chain-* configuration references you mentioned:
# proxyUser, domain
dn: cn=proxyUser,dc=domain
authzTo: {0}ldap:///ou=people,dc=domain??one?(objectClass=posixAccount)
All my user accounts are in the ou=people branch and are all contain the OC posixAccount as indicated above. You may need to craft a different URI depending on what accounts you want to modify and where they live. The slapd-ldap(5) man page has more info on using authzTo.
(I don't know if this is necessarily the fix in your case as you're using what appears to be your admin account to do the chaining, but this is what got mine working)