I use the term “groups” loosely here. On my list of features that are needed in Lion Server (a much smaller since the advent of 10.7.3 btw) is the fact that Address Book Server doesn’t have groups, resources or whatever you want to call a logical structure that is a place for groups of users to keep contacts whose access can be limited to only certain users. The Address Book client fully understands such constructs, given that it separates the GAL from a user’s contacts and that user’s can themselves have groups of contacts. This area is a huge miss. The reason this annoys me is that you have the ability to do this stuff with iCal Server, which uses roughly the same technology (Twisted CalDAV vs. CardDAV). You can include LDAP contacts in an Address Book search, which just gives users access to users configured on the local server. Helpful if your user base is a walled garden. And don’t tell me that it kinda’ works the same in Exchange. Because a contact is not a user in Exchange…
Anyway, one way to get a shared list of contacts is to create a user just to be the shared list. This user is going to have a password. That password is going to end up in the keychain for all users who we install this account for. Furthermore, all of those users can delete contacts. And those users will invariably delete an account and blame said deletion on the server. Given that servers don’t delete data on their own, the blame is basically poorly placed.
If you need granular permissions control over shared contact lists, then Address Book server is not for you. But if you just need a “group” or two that is wide open permission-wise for all users, then consider this strategy. First, let’s enable Address Book services. To do so, first open the Server application from an Open Directory Master. Then, click on the Address Book entry in the Server application’s sidebar. Here, click on the ON button (by the way, I could have just used this paragraph as an article on Setting Up Address Book Server).
Now that the service is started, click on Users. Then click on New User.
At the New User screen, let’s pick an arbitrary name that someone who gets access to this computer won’t think anything of, should they notice this account.
Once created, to make sure that the user has access to the Address Book service. To do so, click on the account and then select Edit Access to Services… from the cog wheel icon and verify that the Address Book service is enabled for the user.
Now, let’s check out how this looks on a client. These accounts can be deployed through profiles easily. But we like doing things the hard way. Therefore, let’s open the nifty Mail, Contacts & Calendars System Preference pane and then click on the Add Account… button. From the Choose an account type field, click on the Add a CardDAV account button. Click on the Create… button.
Provide the username and password recently created, as well as the name or IP of the server.
Now open Address Book. Click on the red bookmark icon. You’ll then see your contact stash. Click on it and you can create, delete and otherwise do whatever you like here. If you create contacts and install this account on multiple machines then you’ll be able to edit or delete them from any of the stations they’re installed on.
You can install the accounts on iOS devices as well, using the Mail, Contacts & Calendars option in the Settings app.
Good luck. And may Billy Madison have mercy on your Address Book.