I had the same questions for my small server group. After poking around and finally asking Apple Enterprise Support, here is what I learned:
The on/off switch for Address Book in Server does just what it says, turns the service on and off.
Actual setup of the server is in the HTML documentation; The most critical element that you must setup by command line is the hostname. The clients will find the server without this, but it will be slow and the refresh and timeouts will bog down the network.
Mountain Lion Address Book Server is basically your personal iCloud Contacts server. For each user configured in the Server you can populate an Address Book and share it. There isn't really a server/client relationship here, so your "fake" user will come in handy again. Like iCloud, if the user account accesses a particular Contacts list, they have full access to view and edit anything in that Contacts. There are no secure groups, no secure contacts, no preferences... These would fall under the CardDAV Delegates protocol, which isn't implemented by Apple's Address Book (and I couldn't find anything hidden to turn it on. Anyone else? sudo serveradmin settings addressbook).
There appears to be some attempt to solve this through Profile Manager, but, like everything in Profile Manager, it doesn't work.
Since the Mountain Lion Address Book Server is providing CardDAV service, it is accessible by any CardDAV client, including past OS X versions of Contacts/Address Book.
Directory services Address Book information is not editable by anyone except the sysadmin. This information is populated automatically with any data added to the User's account in Server. In practice, there are other discussions here and on the net where this information has been added to directly through the Directory manager for contacts other than Server Users. This doesn't help with granting limited permissions, however, since only the Server manager can edit this information.
So, how do you populate a server address book?
After turning on Address Book Server in the Server manager and configuring the hostname using the command line, add a CardDAV account to your client. Contacts ->Preferences -> Accounts -> +
- Account type: CardDAV
- User name: (any Server user)
- Password: (that user's password)
- Server address: hostname of your server
If you populate this address book, then configure the same exact account in another client, it will populate with the same addresses. Like iCloud, if you want a group to share Contacts, you'll need a shared UID, another "User" for the sole purpose of sharing data.