juned56 upgrading LTS by LTS when you are running an old version is a waste of your time. You should go directly to the latest LTS line conform to your restrictions (check my previous message: either 2.462.3 or 2.479.1), along with plugins.
The rationale is that you will most probably hit edge cases which are solved by later plugins versions.
Plugins have a "minimum Jenkins Core version" baseline which can be upgraded over their life.
There are no "general" rule of thumb here as each plugin could break in different (and creative way) with incompatible or really old Core baseline. Except:
- Having a "staging' environment in which you can test some of your pipelines => you already have this with your UAT
- Taking backups => you already do that
- Upgrade frequently (once a month is a minimum) both Core and all plugins
The idea is to consider plugins to be "go to latest available for your Core version" and core to be "upgrade as soon as possible when available).
What is the version of the LDAP plugin you are using?