
[JENKINS-29162] Jenkins internal user in order to be able to log-in under an authentication failure with LDAP AD, ...

      Having Jenkins administration completely dependent on the availability of an external LDAP server might be a real problem/risk. Jenkins could be accessible even if the LDAP/AD/... server becomes unavailable.

      Basically, this would avoid configuring LDAP in Jenkins only to find out it is not working and then no longer being able to log in to Jenkins.

      Maybe this can be done as a plugin.


          Félix Belzunce Arcos created issue -

          Daniel Beck added a comment -

          Issue title makes no sense.

          Daniel Beck added a comment -

          Could probably be implemented by caching auth realm data and using that as a fallback if there is an error connecting to the live auth realm.

          Daniel Beck added a comment -

          Not a core issue as authentication is completely done in plugins.

          Adding LDAP plugin component as the issue description specifically refers to that.
          Daniel Beck made changes -
          Component/s New: ldap-plugin [ 17122 ]
          Component/s Original: core [ 15593 ]

          akostadinov added a comment -

          I'd advocate for support of non-LDAP users. Sometimes one needs a machine account just to access Jenkins. Setting up an LDAP account might be an issue with IT.
          Steven Christenson made changes -
          Rank New: Ranked higher

          Steven Christenson added a comment -

          Good points. We were burned by this issue just recently when our corporate LDAP server experienced issues. Our build and deploy pipeline became invisible since no log in is possible. The maximum cache currently allowed by the LDAP plugin is 1 hour. We need something like 3 days, or a way to have a local login in addition to the LDAP authenticated login.

          James Nord added a comment -

          You can configure the plugin with multiple LDAP servers so as to fail over to a backup if the primary goes down. If you only have one LDAP server then I would recommend getting another one (Steven, your company is not short of LDAP servers).

          There are currently non-Jenkins workarounds, like using a service such as MS AD LDS (solutions from other vendors apply also), but this does indeed add to the complexity of getting something like this working, adds to support burden, and is less than ideal.
          An API token should still work for script-based access in order to reset some configuration, but there appears to be no API for Configure System or Configure Global Security that I could find that would allow you to change this.

          As for the 1 hour maximum (worth a different JIRA, but 3 days sounds a little excessive to me from a security perspective): PRs welcome to this code.

          danielbeck: the LDAP plugin should already cache this data (assuming you have already authenticated).

          Félix Belzunce Arcos added a comment -

          I think the best solution here might be to support multiple security realms with failover.

          https://issues.jenkins-ci.org/browse/JENKINS-15063
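The policy the thread converges on (Daniel Beck's cached-realm fallback, James Nord's ordered list of LDAP servers with a TTL-bounded cache, and the multiple-realms-with-failover idea referenced in JENKINS-15063), worked through as an added example. This is not code from Jenkins or the LDAP plugin: `FakeLdapServer`, `FailoverRealm`, `RealmUnavailable` and the sample users are constructed stand-ins so the block runs offline, and the real plugin's server-list and cache handling differ. The security-relevant distinction it encodes is the one Daniel's comment implies: the cache is consulted only when every live realm is unreachable, never when a live realm has answered "no".

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass


class RealmUnavailable(Exception):
    """The realm could not be reached (server down, network error, timeout)."""


class FakeLdapServer:
    """Constructed stand-in for one LDAP/AD server; `up` simulates an outage."""

    def __init__(self, name, users, up=True):
        self.name = name
        self.users = dict(users)      # user -> password (plaintext, example only)
        self.up = up

    def bind(self, user, password):
        """Simulated bind: raises when unreachable, returns False on bad credentials."""
        if not self.up:
            raise RealmUnavailable(self.name)
        return self.users.get(user) == password


@dataclass
class CacheEntry:
    salt: bytes
    digest: bytes
    expires: float


class FailoverRealm:
    """Try servers in order; only if none is reachable, fall back to a TTL-bounded cache."""

    def __init__(self, servers, cache_ttl=3600, clock=time.time):
        self.servers = list(servers)
        self.cache_ttl = cache_ttl    # seconds; the plugin's 1 hour maximum is the default here
        self.clock = clock            # injectable so expiry can be exercised without sleeping
        self.cache = {}               # user -> CacheEntry (salted PBKDF2 digest, never the password)

    @staticmethod
    def _digest(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate(self, user, password):
        # Step 1: the first server that answers is authoritative, whether it says yes or no.
        for srv in self.servers:
            try:
                accepted = srv.bind(user, password)
            except RealmUnavailable:
                continue              # failover: try the next server in the list
            if accepted:
                salt = os.urandom(16)
                self.cache[user] = CacheEntry(salt, self._digest(password, salt),
                                              self.clock() + self.cache_ttl)
            else:
                # Explicit rejection (wrong or changed password, disabled account):
                # evict any cached entry so a later outage cannot resurrect it.
                self.cache.pop(user, None)
            return accepted
        # Step 2: every server was unreachable; only now consult the cache.
        entry = self.cache.get(user)
        if entry is None or entry.expires < self.clock():
            return False              # unknown user or stale entry: fail closed
        # A cache hit does not renew the TTL; only a live authentication can.
        return hmac.compare_digest(self._digest(password, entry.salt), entry.digest)


if __name__ == "__main__":
    primary = FakeLdapServer("ldap1", {"alice": "s3cret"})
    secondary = FakeLdapServer("ldap2", {"alice": "s3cret"})
    realm = FailoverRealm([primary, secondary], cache_ttl=3600)
    print("live:", realm.authenticate("alice", "s3cret"))
    primary.up = secondary.up = False
    print("outage, cached password:", realm.authenticate("alice", "s3cret"))
    print("outage, wrong password:", realm.authenticate("alice", "wrong"))
```

Two choices are deliberate. A rejection from a reachable server evicts the cache entry, so a disabled account or a rotated password stops working in Jenkins as soon as the directory says so, rather than surviving until the TTL runs out. And a cache hit during an outage does not extend the TTL, which is what keeps the TTL an upper bound on how long a compromised password keeps working after the directory has revoked it; this is the reason a multi-day cache, as requested above, widens the window James's comment is wary of.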

            Assignee: Unassigned
            Reporter: Félix Belzunce Arcos (fbelzunc)
            Votes: 46
            Watchers: 36