Prerequisites for Sharing Contacts in Lion Server - dummies

By John Rizzo

You don’t really need to do much to your network to make Address Book Server in Lion available to users. You don’t even have to alter the directory. One requirement, though, is that the Mac you run Address Book Server on needs to be configured as an Open Directory master.

This configuration is necessary because Address Book client users are provisioned in Open Directory. This means that the directory services provide the authentication and access privileges.

As an option, a DNS entry can be helpful. And as with all services, you may need port forwarding if users access the service from the Internet.

Optional DNS

Although it’s not a requirement, you can add a service record (SRV record) for CardDAV to a DNS server to help clients connect to the Address Book service, particularly across the Internet. The service record can be on the DNS service running in Mac OS X Server or on another server. The port number used depends on whether you’re using a Secure Sockets Layer (SSL) certificate for Address Book service.

If you’re using an SSL certificate, the SRV record should map _carddavs._tcp for port 8443 of the server’s hostname:

_carddavs._tcp 86400 IN SRV 0 1 8443 our

If you’re not using SSL for Address Book service, add a record that maps _carddav._tcp for port 8008 to the server hostname. For example:

_carddav._tcp 86400 IN SRV 0 1 8008

If you’re running DNS service in Lion Server, you can use the graphical interface of Server Admin to create an SRV record in a DNS Zone. You type carddavs._tcp in the Service Type field. Type 8443 or 8008 in the Port field.
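A small checker for these records, added here as an illustration and not taken from the article or from Lion Server: it parses zone-file SRV lines and flags the mistakes that stop CardDAV clients from finding the service (missing leading underscores, which RFC 2782 requires, a port that doesn't match the service label, or a missing target). The function names and the hostname server.example.com are assumptions made for the example.

```python
import re

# Service label -> port, as the article gives them for Address Book Server.
EXPECTED_PORT = {"_carddavs._tcp": 8443, "_carddav._tcp": 8008}

# name [ttl] IN SRV priority weight port [target]
SRV_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:(?P<ttl>\d+)\s+)?IN\s+SRV\s+"
    r"(?P<prio>\d+)\s+(?P<weight>\d+)\s+(?P<port>\d+)(?:\s+(?P<target>\S+))?\s*$",
    re.IGNORECASE,
)

def check_srv(line):
    """Return a list of problems in one zone-file SRV line (empty list = OK)."""
    m = SRV_RE.match(line.strip())
    if not m:
        return ["not a parseable SRV record"]
    problems = []
    labels = m["name"].rstrip(".").lower().split(".")
    service = ".".join(labels[:2])
    if len(labels) < 2 or not all(l.startswith("_") for l in labels[:2]):
        problems.append("service and protocol labels must start with '_' (RFC 2782)")
    elif service not in EXPECTED_PORT:
        problems.append(f"unexpected service {service!r}")
    elif int(m["port"]) != EXPECTED_PORT[service]:
        problems.append(f"{service} should use port {EXPECTED_PORT[service]}, not {m['port']}")
    if not m["target"]:
        problems.append("missing target hostname")
    elif m["target"] == ".":
        problems.append("target '.' declares the service unavailable (RFC 2782)")
    return problems

def lint_zone(text):
    """Check every SRV line in a zone snippet; return {line: problems} for bad lines."""
    srv_lines = [l.strip() for l in text.splitlines() if re.search(r"\bSRV\b", l, re.I)]
    return {l: p for l in srv_lines if (p := check_srv(l))}

# Constructed sample zone snippet (not from a real server).
SAMPLE = """\
_carddavs._tcp 86400 IN SRV 0 1 8443 server.example.com.
carddavs._tcp  86400 IN SRV 0 1 8008
_carddav._tcp  86400 IN SRV 0 1 8443 server.example.com.
"""

if __name__ == "__main__":
    for line, problems in lint_zone(SAMPLE).items():
        print(line)
        for p in problems:
            print("   -", p)
```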

Internet access through a router

If you want users to access Address Book Server from the Internet through a DSL or cable router or other Internet router, you need to configure the router for port forwarding (also called port mapping). Port forwarding exposes only the ports you choose to the Internet, which limits your network’s exposure to attacks while still permitting Address Book users on the Internet to access the server.

With port forwarding, you set the router to forward traffic arriving on the service’s port numbers to your server’s IP address (shown in the Server app’s Hardware pane). For Address Book service, the port numbers are 8443 with SSL or 8008 without SSL. Traffic on port 8008 isn’t encrypted, so for access from the Internet, forwarding only the SSL port 8443 is the safer choice. Check your router’s instructions on how to configure it.

If you have an Apple router — AirPort Extreme Base Station (802.11n version) or Time Capsule — you can manage it from the Server app. You use AirPort Utility to set the device’s Connection Sharing option to Share a Public IP Address.

You also need to set the IPv6 mode to Tunnel by choosing Settings→Advanced. When you’re finished, the Apple router appears in the Server app’s sidebar under Hardware. Click it to configure port mapping.