Jenkins + LDAP Plugin --- Any way to have a login backdoor?

You're right that vanilla Jenkins can't do more than one authn/authz type, which makes local accounts infeasible. In the scenario where LDAP is unavailable temporarily, what I've done in the past is shut down Jenkins, disable authn/authz via editing Jenkins' config.xml (on my Linux systems the full path is /var/lib/jenkins/config.xml), and then restart Jenkins. Specifically, you'll want to change this line:

<useSecurity>true</useSecurity>

To:

<useSecurity>false</useSecurity>

Note that this will give admin access to anonymous users, so use with caution. If you are comfortable with editing XML by hand, it's also possible to edit this file in such a way as to allow admin access via logging in with a local account.

You can also do any of this with a Groovy script if you happen to have an active session with administrative permissions.